Values for content-security-policy-report-only:
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 48
41
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://www.blogger.com/cspreport 25
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 22
frame-ancestors 'self' 15
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.lJ2U8FrhmKc.es5.O/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist 11
default-src 'self'; img-src 'self' *.ytimg.com t.co *.twitter.com *.onetrust.com *.calconic.com *.hotjar.com *.bing.com *.clarity.ms *.theaccessgroup.com accessgroup-website-v8-preview.azureedge.net accessgrouppreviewweb.azureedge.net accessgroupuatweb.azureedge.net accessgroupweb.azureedge.net cdn.jsdelivr.net id.rlcdn.com match.prod.bidr.io px.ads.linkedin.com px4.ads.linkedin.com segments.company-target.com *.blob.core.windows.net *.placeholder.com *.doubleclick.net www.google.co.uk www.google.com bat.bing.com www.google-analytics.com www.facebook.com www.google-analytics.com data: cdn.bizible.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; script-src 'self' 'unsafe-inline' *.geoip-js.com geoip-js.com *.trustpilot.com *.onetrust.com *.calconic.com *.hotjar.com cdn-3.convertexperiments.com ucalc.pro *.clarity.ms *.ucalc.pro analytics.twitter.com npmcdn.com app-lon05.marketo.com pages.theaccessgroup.com tracker.gaconnector.com api.ipify.org bat.bing.com static.ads-twitter.com snap.licdn.com www.googleadservices.com connect.facebook.net tag.demandbase.com tags.srv.stackadapt.com snap.licdn.com www.google-analytics.com www.googleadservices.com www.youtube.com secure.perk0mean.com static.hotjar.com script.hotjar.com widget.surveymonkey.com googleads.g.doubleclick.net www.googletagmanager.com code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net munchkin.marketo.net cdn.bizible.com *.visualwebsiteoptimizer.com app.vwo.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.onetrust.com widget.trustpilot.com *.convertexperiments.com munchkin.marketo.net cdn.bizible.com *.visualwebsiteoptimizer.com app.vwo.com connect.facebook.net *.facebook.net *.ads-twitter.com *.ipify.org *.demandbase.com; style-src 'self' 'unsafe-inline' *.salesforce.com *.calconic.com *.ucalc.pro tags.srv.stackadapt.com app-lon05.marketo.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com pro.fontawesome.com use.typekit.net p.typekit.net *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; font-src 'self' data: *.typekit.net *.hotjar.com cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com pro.fontawesome.com; worker-src 'self' blob:; connect-src *.geoip-js.com geoip-js.com *.demandbase.com *.onetrust.com *.calconic.com *.hotjar.com *.hotjar.io *.clarity.ms *.mktoresp.com in.hotjar.com api.company-target.com tags.srv.stackadapt.com bat.bing.com www.google-analytics.com stats.g.doubleclick.net connect.facebook.net; frame-src *.salesforce.com *.ucalc.pro vars.hotjar.com app-lon05.marketo.com www.youtube.com player.vimeo.com www.facebook.com *.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com *.trustpilot.com; 11
frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 11
default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.teststagram.com *.instagram.com static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src *.teststagram.com *.instagram.com static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com;connect-src *.teststagram.com *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self' https://meta.privacy-gateway.cloudflare.com/relay;font-src *.teststagram.com *.instagram.com static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.teststagram.com *.instagram.com *.facebook.com *.fbcdn.net data: *.igsonar.com *.cdninstagram.com *.whatsapp.net blob: *.fbsbx.com android-webview-video-poster: *.oculuscdn.com *.giphy.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 9
img-src 'self' blob: data: *.pinimg.com *.pinterest.com *.google.com *.facebook.com *.cedexis.com *.cedexis-test.com *.citrix.com *.tvpixel.com; report-uri /_/_/csp_report/?reportonly 9
default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline';report-uri https://metrics.media-amazon.com/ 9
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 9
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; 9
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 7
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com 'self' data: *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.sportline.com.pa *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.instagram.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.sportline.com.pa *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com *.cdninstagram.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.google.com.pa *.sportline.com.pa 'self' data: *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.apptrian.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com beacon-audiences.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.sportline.com.pa *.pangle-ads.com *.google.com *.google-analytics.com *.cloudflare.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com beacon-audiences.magento-ds.com fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.google.com *.typekit.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io beacon-audiences.magento-ds.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.sportline.com.pa *.pangle-ads.com *.google-analytics.com *.paypal.com api.mercadopago.com tm.filter:* maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 7
object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports; 7
font-src https://www.gstatic.com https://fonts.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com https://www.google.com www.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com https://www.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com secure.payu.com merch-prod.snd.payu.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 7
report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net https://images.ctfassets.net https://assets.ctfassets.net data:; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com blob: https://stripe-images.s3.us-west-1.amazonaws.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://r.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners https://sales-live-chat.stripe.com https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://b.stripecdn.com https://crypto-js.stripe.com https://sales-live-chat.stripe.com https://checkout.stripe.com https://checkout.stripe.dev https://register.stripesessions.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://crypto-js.stripe.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 6
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 6
default-src https: data: 'unsafe-inline' 'unsafe-eval' 6
font-src *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com api.mapy.cz *.doubleclick.net *.facebook.com *.gstatic.com *.ppl.cz 'self' data: chat.fcc-online.pl https://geowidget.easypack24.net 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com secure.payu.com merch-prod.snd.payu.com chat.fcc-online.pl *.criteo.com *.criteo.net *.domodi.pl *.doubleclick.net facebook.com *.facebook.com fledge-eu.creativecdn.com *.google.com *.googlesyndication.com *.hotjar.com imgstatic.eu opineo.pl *.opineo.pl *.payu.com tradedoubler.com *.tradedoubler.com *.paypo.pl 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.alothemes.com *.magepow.com https://www.magezon.com static.payu.com *.1rx.io *.360yield.com *.3lift.com *.ad.smaato.net *.adform.net *.admixer.net *.adnxs.com *.adscale.de *.adtarget.com.tr *.analytics.google.com api.mapy.cz *.betweendigital.com *.bidswitch.net *.bing.com *.casalemedia.com cm.mgid.com *.creativecdn.com *.criteo.com *.dmp.otm-r.com *.docomo.ne.jp *.domodi.pl *.doubleclick.net *.e-planning.net *.facebook.com *.facebook.net *.gemius.pl *.google-analytics.com *.google.bg *.google.com *.google.cz *.google.de *.google.hu *.google.pl *.google.ro *.googlesyndication.com *.googletagmanager.com *.gstatic.com hbx.media.net imgstatic.eu *.lijit.com *.loopme.me *.mobfox.com *.omnitagjs.com onetag-sys.com *.openx.net *.outbrain.com pixel.advertising.com pixel.rubiconproject.com *.ppl.cz *.pubmatic.com *.rmp.rakuten.com *.s3xified.com 'self' data: *.seznam.cz *.sharethrough.com *.smartadserver.com *.taboola.com *.thulium.com *.tiktok.com *.tmtarget.com *.trackmytarget.com tradedoubler.com *.tradedoubler.com *.trustx.org *.udmserve.net unpkg.com ups.analytics.yahoo.com *.visx.net *.wp.pl *.yieldmo.com widgets.trustedshops.com integrations.etrusted.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.avada.io *.alothemes.com *.magepow.com secure.payu.com secure.snd.payu.com api.mapy.cz *.bing.com chat.fcc-online.pl *.criteo.com *.criteo.net delivery.clickonometrics.pl *.domodi.pl *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com imgstatic.eu integrations.etrusted.com js-agent.newrelic.com library.startquestion.com bam.eu01.nr-data.net opineo.pl *.opineo.pl *.ppl.cz *.seznam.cz static.payu.com tagmanager.google.com tags.creativecdn.com *.thulium.com *.tiktok.com *.tmtarget.com *.trackmytarget.com tradedoubler.com *.tradedoubler.com unpkg.com *.vimeo.com widgets.trustedshops.com *.wp.pl www.clarity.ms ssl.ceneo.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.snrbox.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com api.mapy.cz *.doubleclick.net *.facebook.com *.googleapis.com integrations.etrusted.com *.ppl.cz chat.fcc-online.pl fonts.googleapis.com tagmanager.google.com https://geowidget.easypack24.net *.snrcdn.net *.gstatic.com https://www.google-analytics.com https://www.google.com https://www.snrcdn.net https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.thulium.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com secure.payu.com merch-prod.snd.payu.com ams.creativecdn.com *.analytics.google.com api.dhl.com api.mapy.cz app.startquestion.com chat.fcc-online.pl creativecdn.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.bg *.google.com *.google.cz *.google.de *.google.hu *.google.pl *.google.ro *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hotjar.io integrations.etrusted.com measurement-api.criteo.com bam.eu01.nr-data.net *.opineo.pl *.payu.com *.thulium.com *.tiktok.com unpkg.com wss2.hotjar.com wss://chat.fcc-online.pl wss://chat-proxy-service.thulium.com wss://ws16.hotjar.com wss://ws36.hotjar.com wss://wsp10.hotjar.com y.clarity.ms *.easypack24.net *.inpost.pl *.openstreetmap.org *.snrbox.com 'self' 'unsafe-inline'; child-src *.domodi.pl imgstatic.eu tradedoubler.com *.tradedoubler.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri chat.fcc-online.pl 'self' 'unsafe-inline'; 6
default-src 'self' 6
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 6
report-uri /report-csp-violation 6
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com *.demandware.net; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 6
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src *.facebook.com/static_resources/webworker_v1/init_script/ *.facebook.com/static_resources/webworker/init_script/ *.facebook.com/static_resources/sharedworker/init_script/ *.facebook.com/static_resources/webworker/map_libre/ *.facebook.com/static_resources/webworker/map_libre_rtl/ *.facebook.com/sw/ *.facebook.com/sw;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 5
frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; report-uri https://sentry.brandsight.com/api/25/security/?sentry_key=d2a6cc459b0c48dd91884e7063bbddb4 script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com 'sha256-0GmZYAqaqzetS+w1EyLdzTxUer98JQtlleth+bhMzm4=' 'sha256-h4kRXx7uh9BDCM48lIeC8OTw0+lUQIlD+u3Rsxo8ixg='; 5
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 5
default-src 'self'; 5
report-uri /report-csp-violation; upgrade-insecure-requests 5
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.mythad.com https://*.kwai-pro.com http://*.kwai-pro.com http://*.kwai.net https://*.kwai.net *.kwai.com *.snackvideo.in *.kwai.me *.kwai.app *.kwimgs.com *.yximgs.com *.cloudfront.net *.kuaishou.com https://*.gifshow.com http://*.gifshow.com https://log-sdk.ksapisrv.com https://www.googletagmanager.com https://gifshow-static.download.ks-cdn.com https://static3.avast.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://connect.facebook.net www.google-analytics.com hm.baidu.com m.snackvideo.com http://*.ap4r.com https://*.ap4r.com https://*.typekit.net http://*.typekit.net ak-sgp-pic.snackvideo.in tx-sgp-pic.snackvideo.in ws-sgp-pic.snackvideo.in g-us-kampic.golden49.net g-us-kamcdn.golden49.net m.kwai.com sentry.kuaishou.com https://cdn.jsdelivr.net https://at.alicdn.com https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.linkedin.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;img-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;connect-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;report-uri https://csplog.kwai-pro.com/log/kwai/wwwkwai 4
default-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; connect-src 'self' adservice.google.com/pagead/regclk api.audible.com audible.sc.omtrdc.net/b/ss/ audible.tt.omtrdc.net/rest/v1/delivery bat.bing.com/p/insights/c/ dpm.demdex.net fls-na.amazon.com m.media-amazon.com pagead2.googlesyndication.com/pagead/buyside_topics/set/ siteintercept.qualtrics.com tr.snapchat.com unagi-na.amazon.com unagi.amazon.com www.audible.com www.facebook.com/tr/ www.google.com/pagead/landing; img-src 'self' ad.doubleclick.net bat.bing.com/action/0 fls-na.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com m.media-amazon.com s.amazon-adsystem.com/iui3 www.facebook.com www.google.ca/pagead/1p-user-list/ www.google.ch/pagead/1p-user-list/ www.google.ee/pagead/1p-user-list/ www.google.pt/pagead/1p-user-list/ www.google.ro/pagead/1p-user-list/ www.google.se/pagead/1p-user-list/ www.google.co.cr/pagead/1p-user-list/ www.google.co.il/pagead/1p-user-list/ www.google.co.in/pagead/1p-user-list/ www.google.co.ke/pagead/1p-user-list/ www.google.co.kr/pagead/1p-user-list/ www.google.co.nz/pagead/1p-user-list/ www.google.co.th/pagead/1p-user-list/ www.google.co.uk/pagead/1p-user-list/ www.google.co.za/pagead/1p-user-list/ www.google.com.ar/pagead/1p-user-list/ www.google.com.br/pagead/1p-user-list/ www.google.com.co/pagead/1p-user-list/ www.google.com.do/pagead/1p-user-list/ www.google.com.ec/pagead/1p-user-list/ www.google.com.hk/pagead/1p-user-list/ www.google.com.jm/pagead/1p-user-list/ www.google.com.mx/pagead/1p-user-list/ www.google.com.my/pagead/1p-user-list/ www.google.com.ng/pagead/1p-user-list/ www.google.com.pa/pagead/1p-user-list/ www.google.com.pe/pagead/1p-user-list/ www.google.com.ph/pagead/1p-user-list/ www.google.com.pk/pagead/1p-user-list/ www.google.com.sg/pagead/1p-user-list/ www.google.com/pagead/1p-user-list/ www.google.de/pagead/1p-user-list/ www.google.dk/pagead/1p-user-list/ www.google.es/pagead/1p-user-list/ www.google.ie/pagead/1p-user-list/ www.google.no/pagead/1p-user-list/ www.googleadservices.com/pagead/conversion/ www.googletagmanager.com; font-src www.audible.com m.media-amazon.com; frame-src 'self' 5164101.fls.doubleclick.net apps.rokt.com audible.demdex.net bs.serving-sys.com s.amazon-adsystem.com td.doubleclick.net tr.snapchat.com www.facebook.com; media-src 'self' images-na.ssl-images-amazon.com/images/ m.media-amazon.com samples.audible.co.uk samples.audible.com; script-src 'self' 'unsafe-inline' apps.rokt.com audible.sc.omtrdc.net bat.bing.com/bat.js bat.bing.com/p/action/4004590.js bat.bing.com/p/insights/s/0.7.20 bat.bing.com/p/insights/t/4004590 connect.facebook.net d.impactradius-event.com d1g3myji5lplsh.cloudfront.net d2nttevkh1mtzs.cloudfront.net googleads.g.doubleclick.net images-na.ssl-images-amazon.com sc-static.net siteintercept.qualtrics.com tr.snapchat.com www.googleadservices.com/pagead/conversion/ www.googletagmanager.com zn5ygnnjlk4oo0dy1-audible.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline' images-na.ssl-images-amazon.com; 4
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/_/boq-play/_/js/k=boq-play.PlayStoreUi.en_US.aBL5liFtJnA.es5.O/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/;report-uri /_/PlayStoreUi/cspreport/fine-allowlist 4
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com bid.g.doubleclick.net https://www.google.com/ https://www.youtube.com/ *.youtube-nocookie.com *.adyen.com www.facebook.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.google.com.ua/ https://www.google.bg/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com validator.swagger.io *.adyen.com *.googleapis.com *.gstatic.com https://images.unsplash.com *.bing.com www.facebook.com https://cdn.kaffekapslen.be https://www.google.com.ua/ https://www.google.bg/ https://www.google.dk/ *.clarity.ms https://googleads.g.doubleclick.net *.googleadservices.com https://bid.g.doubleclick.net https://kaffekapslen.dk/ *.kaffekapslen.dk/ *.klarnacdn.net https://kaffekapslen.media *.pinterest.com/ *.cloudinary.com/ https://www.googletagmanager.com/ https://app.usercentrics.eu/ data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com googleads.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.newrelic.com gtm.adt313.net *.bing.com *.facebook.net bam.eu01.nr-data.net https://www.google.com https://googleads.g.doubleclick.net https://www.google.com.ua/ https://www.google.bg/ *.clarity.ms *.klarnacdn.net https://s.pinimg.com https://apis.google.com/ https://cdn.matomo.cloud/ https://widgets.trustedshops.com/ *.usercentrics.eu/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.adyen.com *.googleapis.com bam.eu01.nr-data.net *.clarity.ms www.facebook.com eu.playground.klarnaevt.com *.adt611.com *.pinterest.com/ *.kaffekapslen.dk/ https://az-apim-st-kaffekapslen.azure-api.net/ api.kaffekapslen.com https://www.google.com https://googleads.g.doubleclick.net https://bat.bing.com/ *.analytics.google.com/ https://kaffekapslen.matomo.cloud/ https://api.usercentrics.eu/ https://pagead2.googlesyndication.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/marketing_platform 3
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; script-src-elem https:; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/; report-to csp-endpoint 3
default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io https://api.infinario.com https://datainsights.loopia.se https://sc.lfeeder.com wss://*.hotjar.com https://www.google.com https://www.google.se https://www.google.be https://cdn.linkedin.oribi.io https://*.analytics.google.com https://adservice.google.com https://analytics.google.com https://content.hotjar.io;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data: https://*.ads.linkedin.com https://www.linkedin.com https://www.google.be https://fonts.gstatic.com https://tr.lfeeder.com;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com https://datainsights.loopia.se;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com https://www.gstatic.com 3
default-src 'self'; media-src https://static.zdassets.com; connect-src 'self' wss: https://protonmail.zendesk.com https://ekr.zdassets.com blob: https://account.proton.me https://reports.proton.me https://*.algolia.net https://*.algolianet.com https://go.getproton.me; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline'  https://static.zdassets.com https://pmecdn.protonweb.com; style-src 'self' 'unsafe-inline' https://pmecdn.protonweb.com; font-src 'self' https://pmecdn.protonweb.com; img-src 'self' data: blob: https:; object-src 'self' data: blob:; frame-src 'self' data: blob: https://www.youtube-nocookie.com; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self'; 3
child-src 'self' tickets.papaki.com help.papaki.com support.papaki.gr accounts.google.com cdn.papaki.com payform.everypay.gr esecure.sia.eu payform-api.everypay.gr tpc.googlesyndication.com vpos.eurocommerce.gr; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; form-action 'self' vpos.eurocommerce.gr www.facebook.com eu.gateway.mastercard.com; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; font-src 'self' https:; media-src assets-eu1-cloud.deskpro.com cdn.papaki.com; object-src 'self'; style-src 'self' 'unsafe-inline' assets-eu1-cloud.deskpro.com cdn.papaki.com cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com; report-uri https://53af897d0dcebe7788bb17e0b500e3ef.report-uri.com/r/d/csp/wizard 3
default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net https://*.intercomcdn.com https://*.datadoghq-browser-agent.com; font-src 'self' https://*.intercomcdn.com *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com http://*.outbrain.com blob:; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 3
report-uri https://cspr.app.rbb-cloud.de/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 3
default-src *.irideos.it *.clouditalia.com 'self' cdnjs.cloudflare.com 'unsafe-inline' cdn.datatables.net www.googletagmanager.com *.cookiebot.com *.google-analytics.com fonts.gstatic.com code.ionicframework.com fonts.googleapis.com www.google.com www.google.it www.gstatic.com maxcdn.bootstrapcdn.com code.jquery.com cdn.matomo.cloud irideos.matomo.cloud googleads.g.doubleclick.net *.leadchampion.com; report-to csp~irideos.it 3
default-src 'self' *; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline'; script-src 'self' 'nonce-1FCE5001-AD83-4EF7-857C-A7D9F952E80B' 'nonce-1A05E578-60C3-4BDE-8796-8CC061208063' 'nonce-06A0559D-F732-435A-BCCB-F5C323D09623' 'nonce-CFED2703-44E1-4D11-A871-3261C57779D2' 'nonce-63E230C4-C78E-4252-856A-4B1FB79E4230' 'nonce-8BC37B9E-DD2A-4B48-9776-CB7BDF6DCA90' 'nonce-36A55DDA-32BD-4244-9109-7201F470D964' 'sha256-PO1m1Qgk7Ef6D3RtZn7m2n/kuQdKUcc4WIAhOkqMA+0='  code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com www.google.com www.youtube.com cdn.cookielaw.org www.youtube-nocookie.com snap.licdn.com connect.facebook.net b2b.intrum.com b2b.intrum.fi b2b.intrum.dk track.adform.net googleads.g.doubleclick.net pi.pardot.com www.gstatic.com *.intrum.com *.hotjar.com *.inzynk.io; font-src 'self' fonts.gstatic.com; object-src 'none'; img-src * 'self' data:; report-uri /diagnostics/csp-report 3
default-src 'self' https: mcdn.pybydl.com; font-src 'self' https: data:; img-src 'self' https: data: mcdn.pybydl.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' mcdn.pybydl.com; style-src 'self' https: 'unsafe-inline' mcdn.pybydl.com; frame-src 'self' https: http: data:; connect-src 'self' https: wss: www.luck-nine.com; report-uri /csp_reports 3
default-src 'self'; report-to /testcspviolation/ 3
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 3
default-src 'self' *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleapis.com googleapis.com *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.cz sharp.cz *.sharp.eu sharp.eu *.sharpmarketing.eu imgs.aws.sharp.eu *.actonsoftware.com cdn.cookielaw.org stats.g.doubleclick.net bam.nr-data.net; script-src 'self' 'unsafe-inline' *.actonservice.com actonservice.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.google.com googleapis.com *.googleapis.com *.youtube.com youtube.com bam.nr-data.net js-agent.newrelic.com cdn.cookielaw.org *.sharpmarketing.eu *.gstatic.com *.hotjar.com snap.licdn.com bat.bing.com; style-src 'self' 'unsafe-inline' *.sharpmarketing.eu; img-src 'self' data: *.cookielaw.org cookielaw.org *.google.ca google.ca *.google.co.in google.co.in *.google.ro google.ro *.google.co.jp google.co.jp *.gogle.co.id google.co.id *.google.co.th google.co.th *.google.ae google.ae *.google.co.nz google.co.nz *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz imgs.aws.sharp.eu i.ytimg.com d35hoao4dw4qk2.cloudfront.net www.google-analytics.com *.sharpmarketing.eu *.actonsoftware.com px.ads.linkedin.com bat.bing.com px4.ads.linkedin.com www.google.co.za www.google.bg googleads.g.doubleclick.net www.google.gr; frame-src *; frame-ancestors 'self' *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.sk sharp.sk *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.hu sharp.hu *.sharp.lt sharp.it *.sharp.co.jp sharp.co.jp *.sharp.cz sharp.cz  *.sharp.eu sharp.eu; child-src *; font-src 'self' data:; connect-src 'self' *.google-analytics.com google-analytics.com cdn.linkedin.oribi.io bam.nr-data.net cdn.cookielaw.org stats.g.doubleclick.net privacyportal-eu.onetrust.com *.sharpmarketing.eu *.hotjar.com vc.hotjar.io bat.bing.com; report-uri https://apps.sharp.eu/sharp/apps/eu/csp-violation/report.php; upgrade-insecure-requests 3
frame-ancestors www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self'; report-uri /fw_csp_collector.php; 3
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net 'self' data: https://fonts.yieldify-production.com/fonts/100822/e6e8821f-e1ad-4601-aaed-5b3386a4580b.otf https://*.hotjar.io https://*.yieldify-production.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * http://www.facebook.com/tr 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com app-wallee.com www.jsctool.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com widget.packeta.com https://odr.promo.dev/ https://*.yieldify.com https://ohws.prospective.ch/ https://tpc.googlesyndication.com/ https://*.hotjar.io https://www.mainadv.com https://ad.ad-srv.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net app-wallee.com d.ratepay.com maps.gstatic.com maps.google.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com 'self' data: *.gstatic.com widget.packeta.com http://lindt-hg65tr.your-printq.com https://*.cookiepro.com https://assets-v2.yieldify.com/images/189494/2022/4/8/55c67825-1f9d-438d-815a-43a437f03af2.png https://assets-v2.yieldify.com/images/189494/2022/4/21/54125dc1-8b51-4175-bd53-7d33e427cc41.gif https://www.lindt-spruengli.com/ https://px.ads.linkedin.com/ https://*.seznam.cz https://*.hotjar.io https://*.yieldify.com https://i.cdn.nrholding.net https://*.sendtric.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.sharethis.com *.googleapis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com *.pcapredict.com lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com app-wallee.com d.ratepay.com www.jsctool.com maps.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com widget.packeta.com https://static-eu.payments-amazon.com/checkout.js https://*.yieldify.com https://www.googleoptimize.com/optimize.js https://custom.yieldify.com/v1/100510/100822/3d9a49d0c2/bundle.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://*.adform.net https://*.seznam.cz https://analytics.tiktok.com/ https://*.hotjar.io https://*.pinimg.com https://*.daktela.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com/ *.sharethis.com display.ugc.bazaarvoice.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com d.ratepay.com unsafe-inline assets.braintreegateway.com *.gstatic.com tagmanager.google.com widget.packeta.com https://*.hotjar.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.sharethis.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv d.ratepay.com www.jsctool.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com https://*.criteo.com https://*.hotjar.io https://cdn.stickyadstv.com https://*.ads.linkedin.com https://snap.licdn.com *.analytics.google.com https://*.r66net.com https://*.yieldify.com wss://*.hotjar.io https://geolocation.onetrust.com https://*.googleapis.com https://*.daktela.com https://cdn.tailwindcss.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com https://cdn.tailwindcss.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; img-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com data:; font-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com data:; form-action 'self'; frame-ancestors 'self'; 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 3
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.googletagmanager.com *.adyen.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://api.mapbox.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com *.adyen.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com autocomplete2.postdirekt.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
upgrade-insecure-requests; default-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval'; 3
font-src 'self' https: data:; report-uri https://o98504.ingest.sentry.io/api/5871000/security/?sentry_key=7d320f4323694d468bd1a75eba48d37f&sentry_environment=production 3
font-src https://js.klevu.com *.googleapis.com *.hotjar.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.ometria.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.hotjar.com https://9957200.fls.doubleclick.net https://danv01ao0kdr2.cloudfront.net https://dj3zaulksz6yg.cloudfront.net *.brandlock.io *.braintreegateway.com *.klarna.com https://accounts.google.com *.mention-me.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.incontinencechoice.co.uk https://prod.choiceadmin.co.uk https://staging.choiceadmin.co.uk https://admin.vivactive.com https://trk.ometria.com *.brandlock.io https://www.google.com https://bat.bing.com https://pixel.quantserve.com https://www.facebook.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://s3-eu-west-1.amazonaws.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.ometria.com *.hotjar.com cdnjs.cloudflare.com https://js.klevu.com/ https://bat.bing.com https://secure.quantserve.com https://www.gstatic.com https://connect.facebook.net https://dj3zaulksz6yg.cloudfront.net *.brandlock.io https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://songbirdstag.cardinalcommerce.com https://www.googleoptimize.com https://cdn.oribi.io https://app.factors.ai https://rules.quantcount.com https://googleads.g.doubleclick.net https://www.clarity.ms *.googleapis.com https://www.googletagmanager.com/gtag/js *.klarna.com *.klarnacdn.net https://accounts.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://tag.rmp.rakuten.com js.klevu.com *.ksearchnet.com *.mention-me.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com assets.braintreegateway.com *.googleapis.com *.hotjar.com https://accounts.google.com https://www.gstatic.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com/ https://danv01ao0kdr2.cloudfront.net *.brandlock.io https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com *.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://geolocation.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com https://api.factors.ai https://b.clarity.ms *.googleapis.com *.klarnaevt.com https://accounts.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.klevu.com *.ksearchnet.com *.mention-me.com *.ometria.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src *.fontawesome.com data: *.gstatic.com *.photoslurp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.facebook.com *.mediquo.com *.hotjar.com *.criteo.com *.google.com *.clic2buy.com *.vimeo.com *.photoslurp.com *.sitescout.com *.criteo.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com cdn.doofinder.com *.cloudfront.net *.amazonaws.com *.bing.com *.facebook.com widget-mediator.zopim.com *.swogo.net *.criteo.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.googleusercontent.com *.clarity.ms *.smartadserver.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.adform.net *.omnitagjs.com id5-sync.com *.yieldlab.net *.yieldmo.com *.demdex.net *.krxd.net *.thebrighttag.com *.sitescout.com *.sanity.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.doofinder.com *.naturitas.com naturitas.slgnt.eu static.zdassets.com bat.bing.com connect.facebook.net *.swogo.net *.hotjar.com *.mediquo.com static.criteo.net *.criteo.com *.typeform.com *.clic2buy.com polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.clarity.ms *.pixel.ad *.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com *.fontawesome.com *.googleapis.com *.photoslurp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.doofinder.com wss://*.doofinder.com *.naturitas.com *.naturitas.es naturitas-atc.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com *.swogo.net *.googlesyndication.com *.hotjar.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.clarity.ms *.apicdn.sanity.io *.api.sanity.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.googleapis.com; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 3
script-src-elem 'unsafe-inline' lampenlicht.test test.lampenlicht.nl hyva.test.lampenlicht.nl lampenlicht.nl *.lampenlicht.nl assets.calendly.com *.convertexperiments.com imgsct.cookiebot.com cdn.evgnet.com connect.getflowbox.com consent.cookiebot.com consentcdn.cookiebot.com fpjscdn.net maps.googleapis.com www.google.com www.googletagmanager.com www.gstatic.com pagead2.googlesyndication.com *.trustedshops.com static.cloudflareinsights.com; font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com lampenlicht.nl *.lampenlicht.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com https://plumrocket.com consentcdn.cookiebot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.adyen.com lampenlicht.nl *.lampenlicht.nl eprel.ec.europa.eu cdn.flbx.io *.cloudfront.net imgsct.cookiebot.com *.trustedshops.com www.keurmerk.info *.fittinq.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com *.avada.io lampenlicht.nl *.lampenlicht.nl *.webeyez.com firehose.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com https://get.geojs.io *.avada.io lampenlicht.nl *.lampenlicht.nl *.webeyez.com firehose.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com *.getflowbox.com *.trustedshops.com eu.api.fpjs.io maps.googleapis.com pagead2.googlesyndication.com *.google-analytics.com consentcdn.cookiebot.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' data: https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; report-uri https://hi.report-uri.com/r/d/csp/reportOnly 3
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://draft.blogger.com/cspreport 3
default-src 'self' https: mcdn.pybydl.com; font-src 'self' https: data:; img-src 'self' https: data: mcdn.pybydl.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' mcdn.pybydl.com; style-src 'self' https: 'unsafe-inline' mcdn.pybydl.com; frame-src 'self' https: http: data:; connect-src 'self' https: wss: www.mc-win888.com; report-uri /csp_reports 3
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/reportOnly 3
report-uri https://mon.us.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&revision=52c5e353-14be-4487-9f40-543777a8b973;report-to csp-endpoint;default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.akamaized.net *.amazonaws.com *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopayment.us *.redditstatic.com *.resso.me *.soundon.global *.tableau.com *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokmusic.me *.tiktokshop.com *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.twitter.com *.vimeo.com *.vodupload.com *.yahoo.co.jp facebook.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com twitter.com unpkg.com;script-src 'unsafe-eval' *.tiktokcdn-us.com s20.tiktokcdn.com;worker-src www.tiktok.com/business/sw.js www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/sw.js 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 2
frame-ancestors 'self' https://*.ps.kz; report-to /_/csp-report; 2
default-src 'self' wdr.de *.wdr.de ; img-src * data: ; script-src 'self' wdr.de *.wdr.de 'unsafe-inline' 'unsafe-eval' cdn.bunchbox.co script.ioam.de *.de.ioam.de de-config.sensic.net cdn-gl.nmrodam.com  www.bing.com cdn.ampproject.org cdn.tickaroo.com dev.virtualearth.net connect.facebook.net platform.twitter.com www.instagram.com www.gstatic.com www.tagesschau.de wdr.wdrmg-digital.de ; style-src 'self' wdr.de *.wdr.de 'unsafe-inline' wdr.wdrmg-digital.de *.tickaroo.com ; font-src  'self' wdr.de *.wdr.de data: fonts.gstatic.com/ ; media-src 'self' wdr.de *.wdr.de *.icecastssl.wdr.de wdrmedien-a.akamaihd.net wdradaptiv-vh.akamaihd.net *.akamaized.net blob: ; frame-src 'self' wdr.de *.wdr.de  cdn-gl.nmrodam.com de-config.sensic.net www.youtube-nocookie.com platform.twitter.com datawrapper.dwcdn.net www.instagram.com www.facebook.com www.tagesschau.de *.tickaroo.com ; connect-src 'self' wdr.de *.wdr.de *.planet-wissen.de wdrmedien-a.akamaihd.net wdradaptiv-vh.akamaihd.net www.tageschau.de cdn.ampproject.org *.akamaized.net *.sensic.net *.tickaroo.com ; child-src  'self' wdr.de *.wdr.de blob: ; frame-ancestors  'self' wdr.de *.wdr.de ; object-src 'self' wdr.de *.wdr.de ; manifest-src 'self' wdr.de *.wdr.de ; report-uri https://www.wdr.de/php/csp-reporting/logcspr.php 2
default-src 'self' *.pinduoduo.com *.pddpic.com *.yangkeduo.com *.pddugc.com *.pinduoduo.net *.v.smtcdns.net *.ourdvsss.com wss://*.pinduoduo.com wss://*.yangkeduo.com mapstyle.qpic.cn blob: data: 'unsafe-eval' 'unsafe-inline'; report-uri https://tc.pinduoduo.com/x.gif 2
block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 2
default-src https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com services.postcodeanywhere.co.uk *.clarity.ms *.ads-twitter.com *.licdn.com *.adnxs.com *.onetrust.com perf-na1.hsforms.com forms-na1.hsforms.com api.omappapi.com a.opmnstr.com adservice.google.com api.hubapi.com b.6sc.co www.clickcease.com www.google.com t.co *.hubspot.com c.6sc.co js.sentry-cdn.com www.google.co.uk *.azure.com *.wistia.com js.hs-banner.com tag.demandbase.com *.bidr.io *.linkedin.com js.hsforms.net snippet.maze.co prompts.maze.co *.twitter.com tracking.g2crowd.com scout-cdn.salesloft.com forms.hsforms.com js.hs-scripts.com *.gbgplc.com cdnjs.cloudflare.com www.googletagmanager.com a.omappapi.com api.company-target.com scout.salesloft.com js.hsadspixel.net *.doubleclick.net epsilon.6sense.com cdn.jsdelivr.net j.6sc.co id.rlcdn.com vc.hotjar.io unpkg.com ipv6.6sc.co secure.imaginative-24.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com *.facebook.com www.youtube.com www.google-analytics.com *.pinterest.com cdn.inpwrd.net s.yimg.com stats.wpmucdn.com www.google.ca www.googletagmanager.com *.googleapis.com stats1.wpmudev.com *.adswizz.com content.interac.ca *.doubleclick.net *.linkedin.com adservice.google.com content.inpwrd.net www.interac.ca *.pinimg.com w.soundcloud.com loadus.exelator.com use.typekit.net *.gstatic.com *.facebook.net unpkg.com sp.analytics.yahoo.com www.google.com.br www.google.com p.typekit.net *.licdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://www.datadoghq-browser-agent.com https://assets.adobedtm.com https://www.googletagmanager.com https://www.google.com https://snap.licdn.com https://action.dstillery.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://js.adsrvr.org https://s.yimg.com https://bat.bing.com https://connect.facebook.net https://action.media6degrees.com *.inpwrd.net https://cdn.evgnet.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com assets.adobedtm.com https://fonts.googleapis.com; connect-src 'self' *.netjets.com https://browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://netjets.tt.omtrdc.net https://px.ads.linkedin.com https://s.yimg.com https://dpm.demdex.net https://bat.bing.com https://netjetsservices.us-5.evergage.com https://privacyportal.onetrust.com https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com; frame-src https://netjets.demdex.net *.doubleclick.net https://www.googletagmanager.com *.adsrvr.org https://www.youtube.com https://vrcloud.com; object-src 'none'; img-src 'self' data: *.google-analytics.com https://cdn.cookielaw.org https://za5jzhla73.execute-api.us-east-1.amazonaws.com https://6zf7b56x55.execute-api.us-east-1.amazonaws.com https://c64djon8lb.execute-api.us-east-1.amazonaws.com https://netjets-dev-corp-site-us-east-1.s3.amazonaws.com https://netjets-qa-corp-site-us-east-1.s3.amazonaws.com https://netjets-prod-corp-site-us-east-1.s3.amazonaws.com https://beacon.lynx.cognitivlabs.com https://arttrk.com https://insight.adsrvr.org https://content.inpwrd.net https://tag.yieldoptimizer.com https://saadata.netjets.com *.doubleclick.net https://sp.analytics.yahoo.com *.google.com https://bat.bing.com https://www.googletagmanager.com https://cm.everesttech.net https://dpm.demdex.net *.adnxs.com *.linkedin.com https://usermatch.krxd.net https://www.facebook.com; worker-src 'self'; media-src 'self' https://za5jzhla73.execute-api.us-east-1.amazonaws.com https://6zf7b56x55.execute-api.us-east-1.amazonaws.com https://c64djon8lb.execute-api.us-east-1.amazonaws.com https://netjets-dev-corp-site-us-east-1.s3.amazonaws.com https://netjets-qa-corp-site-us-east-1.s3.amazonaws.com https://netjets-prod-corp-site-us-east-1.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com; form-action 'self'; base-uri 'none'; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb61413121040ab6931e3bb32a195b78a&dd-evp-origin=content-security-policy&ddsource=csp-report; 2
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.b0e8.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bc0a.com *.elotouch.com www.elotouch.com elotouch.com *.google.lv data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.b0e8.com *.bc0a.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.recaptcha.net *.simpli.fi *.zi-scripts.com siteimproveanalytics.com *.pardot.com *.elotouch.com *.jsdelivr.net unpkg.com *.cloudflare.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com hello.myfonts.net *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.elotouch.com elotouch.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.doubleclick.net *.zi-scripts.com *.zoominfo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2
default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk https://*.trustarc.com https://secure.feed5mown.com https://cdn.bizible.com https://bat.bing.com https://connect.facebook.com https://connect.facebook.net https://dbm.demdex.net https://bamboohr.demdex.net https://*.licdn.com https://*.hotjar.com https://tracking.g2crowd.com https://static.ads-twitter.com https://munchkin.marketo.com https://munchkin.marketo.net https://cdn.abrankings.com https://a.quora.com https://q.quora.com https://*.clarity.ms https://*.thebrightforks.com https://dx.mountain.com https://tag.clearbitscripts.com https://cdn.pdst.fm https://x.clearbitjs.com https://app.clearbitjs.com https://www.googletagmanager.com https://www.redditstatic.com https://snap.licdn.com https://www.google-analytics.com https://assets.adobedtm.com https://activitymap.adobe.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://abm-tracking.demandscience.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://match.prod.bidr.io https://bamboohr.zendesk.com https://*.zdassets.com https://assets.screensteps.com https://fast.wistia.com https://fast.wistia.net https://unpkg.com https://*.convertexperiments.com https://js.intercomcdn.com https://cdn.readme.io https://*.tiktok.com https://fonts.gstatic.com https://fonts.googleapis.com https://edge.adobedc.net https://adobedc.demdex.net https://stats.g.doubleclick.net https://www.google.com https://analytics.google.com https://*.mktoresp.com https://*.clearbit.com https://*.linkedin.com https://t.co https://*.twitter.com https://*.facebook.com https://tracking.contanuity.com https://c.bing.com https://*.hlx.page https://*.hlx.live https://bamboohr--webchat.sandbox.my.site.com https://bamboohr--webchat.sandbox.my.salesforce-scrt.com https://bamboohr.my.site.com https://bamboohr.my.salesforce-scrt.com https://js.driftt.com https://static.cloudflareinsights.com https://script.crazyegg.com https://rc-widget-frame.js.driftt.com https://arttrk.com https://intentstream.contanuity.com https://td.doubleclick.net https://bamboohr.com wss://ws.hotjar.com https://*.hotjar.io https://*.gstatic.com https://*.leandata.com https://195-loz-515.mktoutil.com https://*.bizibly.com https://*.google.com.ua https://www.google.ca https://www.getapp.com https://*.wistia.com https://*.honey.io https://boards.greenhouse.io https://*.ucweb.com https://qvdt3feo.com https://*.srv.stackadapt.com https://ct.capterra.com https://*.youtube.com https://*.googleadservices.com https://hook.us1.make.celonis.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 'unsafe-inline' 'unsafe-eval'; report-uri https://app.bamboohr.com/ajax/parse_csp_report.php; report-to https://app.bamboohr.com/ajax/parse_csp_report.php; 2
report-to default; frame-src 'self' *.recaptcha.net *.olark.com; font-src 'self' data: *.olark.com; script-src 'self' 'unsafe-inline' *.true.nl *.googletagmanager.com *.google-analytics.com *.piwik.pro *.recaptcha.net *.gstatic.com *.bing.com *.olark.com *.youtube.com *.vimeo.com *.hotjar.com *.licdn.com *.clarity.ms *.pardot.com *.reddit.com *.redditstatic.com *.twitter.com *.t.co; img-src 'self' data: *.olark.com; media-src 'self' data: *.olark.com; object-src 'self'; default-src 'self' 'unsafe-inline' *.true.nl *.google-analytics.com *.piwik.pro *.olark.com *.pardot.com *.linkedin.com *.clarity.ms *.hotjar.com *.google.com *.doubleclick.net *.reddit.com *.redditstatic.com *.twitter.com *.t.co 2
default-src 'self';img-src * blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com code.jquery.com js.hsforms.net www.googletagmanager.com *.wp.com *.mysanfordchart.org *.addthis.com *.adroll.com *.adsrvr.org *.ads-twitter.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.invocacdn.com *.liveperson.net *.lpsnmedia.net *.mpio.io *.onesignal.com *.qualtrics.com *.quantcount.com *.quantserve.com *.serving-sys.com *.simpli.fi *.siteintercept.qualtrics.com *.talentegy.com *.tvsquared.com *.twitter.com *.v.liveperson.net *.vimeo.com *.vimeocdn.com aa.agkn.com ajax.aspnetcdn.com analytics.talentegy.com assets.sitescdn.net az416426.vo.msecnd.net bat.bing.com cdn.mouseflow.com cdn.popt.in chimpstatic.com data.adxcel-ec2.com embed.typeform.com forms.hsforms.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com my.hellobar.com onesignal.com pixel.mathtag.com pixel.videohub.tv pnapi.invoca.net px.ads.linkedin.com rules.quantcount.com s.amazon-adsystem.com s.pinimg.com s3.amazonaws.com/checkout.squadup.com/default/css/bootstrap-namespace.min.css sanfordhealth.mdmatchup.com script.crazyegg.com sc-static.net sfapi.formstack.io siteimproveanalytics.com snap.licdn.com static.addtoany.com static.cloud.coveo.com tags.srv.stackadapt.com tracking.logpostback.com transparency.nrchealth.com trkn.us v1.addthisedge.com www.buzzsprout.com www.groupexpro.com www.youtube.com www.ypo.education/js/jsembedcode.js z.moatads.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com *.mysanfordchart.org *.wp.com *.formstack.com *.gstatic.com *.vimeocdn.com cdn.thinglink.me checkout.stripe.com formsprod.azureedge.net onesignal.com static.cloud.coveo.com tags.srv.stackadapt.com www.groupexpro.com www.youtube.com;font-src 'self' data: *.fontawesome.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com *.wp.com *.formstack.com *.gstatic.com *.googleusercontent.com static.cloud.coveo.com staticdev.cloud.coveo.com;frame-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com www.googletagmanager.com *.wp.com tools.sanfordhealthplan.com *.mysanfordchart.org *.addthis.com *.adsrvr.org *.c.liveperson.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.ipcamlive.com *.lpsnmedia.net *.snapchat.com *.soundcloud.com *.stripe.com *.twitter.com *.v.liveperson.net *.vimeo.com *.youtube.com cdn.onesignal.com e.issuu.com fast.wistia.net forms.hsforms.com host.visualcalc.com js.hsadspixel.net js.hsforms.net pixel.mathtag.com players.brightcove.net sanfordhealth.mdmatchup.com static.addtoany.com vimeo.com www.buzzsprout.com www.pinterest.ca www.pinterest.co.uk www.pinterest.com www.pinterest.fr www.pinterest.it www.pinterest.ph ct.pinterest.com www.thinglink.com;frame-ancestors 'self' *.mysanfordchart.org;connect-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com my.wpengine.com public-api.wordpress.com yoast.com *.addthis.com *.adroll.com *.clarity.ms *.doubleclick.net *.g.doubleclick.net *.gannettdigital.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.linkedin.oribi.io *.onesignal.com *.pinterest.com *.quantcount.com *.reachlocalservices.com *.serving-sys.com *.snapchat.com *.squadup.com *.twitter.com *.vimeocdn.com *.z1.dca0.com api.hubapi.com az416426.vo.msecnd.net bat.bing.com dc.services.visualstudio.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hscollectedforms.net n2.mouseflow.com onesignal.com pnapi.invoca.net sanfordhealth.formstack.com sfapi.formstack.io usageanalytics.coveo.com analytics.cloud.coveo.com;form-action 'self' *.fontawesome.com cdnjs.cloudflare.com *.sanfordhealthfoundation.org my.wpengine.com yoast.com *.adroll.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.pinterest.com *.serving-sys.com *.snapchat.com *.vimeocdn.com api.hubapi.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com;media-src * data:;object-src 'none';report-uri https://csp-reporting.sanfordhealth.org/; 2
font-src 'self'; frame-src 'self'; img-src 'self' data: https://img.airtel.tv https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com; style-src report-sample 'self' 'unsafe-inline'; script-src report-sample 'self' 'unsafe-inline' https://app.link/_r https://cdn.branch.io/branch-latest.min.js https://www.googletagmanager.com/gtag/js https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js https://cdn.moengage.com/webpush/modules/inapp.js https://cdn.moengage.com/webpush/beta/sdk.inapp.cdnHelper.js https://cdn.moengage.com/webpush/releases/serviceworker_cdn.min.latest.js https://cdn.moengage.com/webpush/moe_webSdk_cards.min.latest.js https://cdn.moengage.com/webpush/moe_webSdk_webp.min.latest.js; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.epayworldwide.com imgsct.cookiebot.com consent.cookiebot.com www.googletagmanager.com *.googleapis.com consentcdn.cookiebot.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'self' 'unsafe-inline'  'unsafe-eval' https://snap.licdn.com *.willistowerswatson *.wtwco.com https://www.google-analytics.com https://cdn.cookielaw.org https://www.googletagmanager.com  *.coveo.com https://players.brightcove.net *.doubleclick.net https://munchkin.marketo.net https://bat.bing.com *.facebook.net *.facebook.com https://siteimproveanalytics.com *.linkedin.com *.mktoresp.com *.siteimproveanalytics.io data: blob:;report-uri /custom/api/csp/logviolation 2
default-src 'self' *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.fullstory.com https://rs.fullstory.com https://ajax.googleapis.com/ https://first.iovation.com/ https://mpsnare.iesnare.com/ https://128-koi-090.mktoresp.com/ *.gskydev.net *.gskydev.com https://auth.prod.greensky.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com https://cdn.jsdelivr.net https://pages.greenskycredit.com https://www.google.com/ https://www.gstatic.com https://cdnjs.cloudflare.com https://app-ab27.marketo.com https://munchkin.marketo.net https://abrtp1-cdn.marketo.com blob: http://static.site24x7rum.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.wistia.com https://rtp-static.marketo.com https://abrtp1.marketo.com https://js.driftt.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://pages.greenskycredit.com/ https://cdn.jsdelivr.net/ https://www.greensky.com/ *.gskydev.com *.gskydev.net https://use.fontawesome.com/ https://pro.fontawesome.com/ https://rtp-static.marketo.com/ https://fonts.googleapis.com/ https://fonts.googleapis.com/css/ https://app-ab27.marketo.com/ https://munchkin.marketo.net; font-src 'self' https://cdnjs.cloudflare.com https://pro.fontawesome.com/ data: https://fonts.gstatic.com https://fast.wistia.com https://use.fontawesome.com; img-src 'self' https://www.googletagmanager.com https://rs.fullstory.com *.greensky.com/ *.gskydev.com/ *.gskydev.net/ https://embed-ssl.wistia.com data: https://www.google-analytics.com https://stats.g.doubleclick.net https://fast.wistia.com https://greensky.dotcmscloud.com https://*.greensky.dotcmscloud.com embedwistia-a.akamaihd.net/ https://embed-fastly.wistia.com http://embed.wistia.com/ https://www.google.com https://www.google.de https://app-ab27.marketo.com https://pages.greenskycredit.com; media-src 'self' blob: https://js.driftt.com; frame-src 'self' https://pages.greenskycredit.com/ https://app-ab27.marketo.com/ https://www.google.com/ https://js.driftt.com; connect-src 'self' https://analytics.google.com https://edge.fullstory.com https://rs.fullstory.com *.gskydev.com/ *.gskydev.net/ https://128-koi-090.mktoresp.com/ https://abrtp1.marketo.com https://*.google-analytics.com https://stats.g.doubleclick.net *.greensky.dotcmscloud.com https://greensky.dotcmscloud.com *.greensky.com *.litix.io embedwistia-a.akamaihd.net/ *.wistia.com https://128-koi-090.mktoresp.com; object-src 'self' https://app-ab27.marketo.com/ ; base-uri 'self';manifest-src 'self'; worker-src 'none'; report-to https://www.greensky.com 2
default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://sp.report-uri.com/r/default/csp/reportOnly 2
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 2
report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self' 2
default-src 'self' 'unsafe-inline' hcfmhvpbqfb6.statuspage.io iwantmyname.com www.gstatic.com *.iwantmyname.com *.centralnicgroup.com ; connect-src 'self' data: adblockers.opera-mini.net api.adblocknext.com api.awesomeblocker.com api.iwantmyname.com assets.evrpg.com cdn.honey.io cdn.rawgit.com cdn.siftscience.com fonts.googleapis.com hcfmhvpbqfb6.statuspage.io iwantmyname.com mozbar.moz.com perf-eu1.hsforms.com region1.analytics.google.com rum.optimizely.com stats.g.doubleclick.net translate.googleapis.com view.light-speed.com wss://api.iwantmyname.com *.hubspot.com *.analytics.google.com *.google-analytics.com *.statuspage.io *.centralnicgroup.com * ; img-src 'self' data: about: cdn.honey.io fonts.googleapis.com fonts.gstatic.com hexagon-analytics.com images.iwantmyname.com perf-eu1.hsforms.com region1.analytics.google.com shareasale.com syndication.twitter.com translate.google.com use.fontawesome.com www.googletagmanager.com *.hubspot.com *.analytics.google.com *.google-analytics.com *.typekit.net * ; font-src 'self' data: assets.evrpg.com cdn.honey.io fonts.googleapis.com fonts.gstatic.com ncspublicasset.s3.eu-west-3.amazonaws.com pro.fontawesome.com ray.st region1.analytics.google.com use.fontawesome.com use.typekit.net *.analytics.google.com *.google-analytics.com * ; media-src 'self' data: ; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net pro.fontawesome.com * ; style-src-elem 'self' 'unsafe-inline' adblockers.opera-mini.net cdn.honey.io cdn.jsdelivr.net cdn.rawgit.com fonts.googleapis.com fonts.gstatic.com gc.kis.v2.scr.kaspersky-labs.com iwantmyname.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hsleadflows.net js-eu1.usemessages.com js.hs-scripts.com pro.fontawesome.com s7.addthis.com translate.google.com use.fontawesome.com www.google-analytics.com *.hubspot.com *.centralnicgroup.com * ; frame-src 'self' *.google.com hcfmhvpbqfb6.statuspage.io mozbar.moz.com platform.twitter.com region1.analytics.google.com webmarshal.home www.googletagmanager.com *.analytics.google.com *.google-analytics.com * ; worker-src 'self' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com api.getvero.com cdn.honey.io cdn.optimizely.com cdn.rawgit.com cdn.siftscience.com cdn.statuspage.io cdnjs.cloudflare.com hcfmhvpbqfb6.statuspage.io iwantmyname.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hsleadflows.net js-eu1.usemessages.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net platform.twitter.com s7.addthis.com statuspage-production.s3.amazonaws.com translate.googleapis.com use.typekit.net view.light-speed.com www.google.com www.gstatic.com *.cloudfront.net *.hubspot.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.centralnicgroup.com * ; report-uri https://iwantmyname.com/CSP_report; 2
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com https://*.dpdconnect.nl https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com https://static.buckaroo.nl https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.magmodules.eu *.squeezely.tech ts.tradetracker.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://*.dpdconnect.nl s7.addthis.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.googletagmanager.com tagmanager.google.com squeezely.tech www.squeezely.tech *.squeezely.tech tm.tradetracker.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl ekr.zdassets.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://8a41912f-2069-471c-8cfc-be803d04015d.sansec.watch/; report-to report-endpoint; 2
default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://analytics.twitter.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/34930/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.hubspot.com https://js.hscta.net https://*.hubspot.net https://*.hsforms.com https://googleads.g.doubleclick.net https://hackerone.com https://npmcdn.com/pikasso@4.2.0/build/umd.min.js https://pikasso-preview.bananatag.com https://j.6sc.co https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsforms.net https://*.hsleadflows.net https://*.qualified.com https://maps.googleapis.com https://okt.to/ping https://rum-static.pingdom.net https://snap.licdn.com https://static.ads-twitter.com https://static.oktopost.com/oktrk.js https://tagmanager.google.com https://tags.clickagy.com/data.js https://tracking.g2crowd.com https://ws.zoominfo.com https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://s15952.pcdn.co; font-src 'self' data: application/x-font-woff https://*.google-analytics.com https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.staffbase.com https://www.gartner.com https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co; style-src https: 'self' 'unsafe-inline' 'report-sample'; connect-src https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  'self' https://*.google-analytics.com https://*.pingdom.net https://*.ads.linkedin.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://aorta.clickagy.com/data https://api.ipstack.com https://app.qualified.com https://bat.bing.com https://*.6sc.co https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/partner/34930/domain/staffbase.com/token https://*.hubapi.com https://js.hscta.net https://*.hsforms.com https://*.hubspot.com https://geolocation.onetrust.com https://hackerone.com https://hemsync.clickagy.com/external/hasHashes https://hubspot-forms-static-embed.s3.amazonaws.com https://*.6sc.co https://*.6sense.com https://*.hs-banner.com https://*.linkedin.oribi.io/event https://tracking.g2crowd.com https://privacyportal.onetrust.com https://secure.adnxs.com/getuidj https://staffbase-privacy-request.my.onetrust.com/request/v1/consentreceipts https://stats.g.doubleclick.net https://ws.zoominfo.com/pixel/collect https://www.facebook.com wss://app.qualified.com wss://ws.qualified.com https://s15952.pcdn.co; frame-src https:; media-src https:; frame-ancestors 'none'; object-src 'none'; 2
base-uri 'self'; connect-src 'self' https://*.google.com https://ada.matomo.cloud https://boards-api.greenhouse.io https://images.prismic.io https://o43253.ingest.sentry.io https://pagead2.googlesyndication.com https://www.gstatic.com https://bat.bing.com https://*.clarity.ms; default-src 'self'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; frame-src https://*.enterprise.ada.com https://boards.greenhouse.io https://insight.adsrvr.org https://td.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com; img-src 'self' data: https://ada.matomo.cloud https://adahealth.cdn.prismic.io https://assets.ada.com https://connect.facebook.net https://googleads.g.doubleclick.net https://images.prismic.io https://prismic-io.s3.amazonaws.com https://www.facebook.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://bat.bing.com https://*.clarity.ms; manifest-src 'self'; media-src 'self' https://adahealth.cdn.prismic.io; script-src 'self' 'unsafe-inline' https://*.matomo.cloud https://boards.greenhouse.io https://connect.facebook.net https://googleads.g.doubleclick.net https://js.adsrvr.org https://tpc.googlesyndication.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://bat.bing.com https://www.clarity.ms; style-src 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.gstatic.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.trustpilot.com https://maps.googleapis.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.trustpilot.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com https://maps.googleapis.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ws: wss: https:; report-uri https://l.iplsc.com/logger/ 2
default-src 'self' blob: *; img-src 'self' data: *; script-src 'self' blob: * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; font-src 'self' data: *; connect-src *; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 2
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com  *.bootstrapcdn.com  *.cloudflare.com  fonts.gstatic.com  'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *  www.facebook.com  'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com  td.doubleclick.net  'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.paypal.com *.gstatic.com *.googleapis.com  www.google.rs   www.google.nl   www.google.fr   www.google.de   www.google.be   trengo.s3.eu-central-1.amazonaws.com  data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/  *.widget.trengo.eu   *.googleapis.com  s7.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com  *.googleapis.com   *.bootstrapcdn.com  'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.googleapis.com  *.google-analytics.com   api.widget.trengo.eu   *.googleapis.com   stats.g.doubleclick.net  ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src * 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com *.facebook.com components.otstatic.com *.azureedge.net www.googletagmanager.com cdn.otstatic.com *.cloudfront.net adservice.google.com *.clarity.ms *.onetrust.com cdn.cookielaw.org static.boydgaming.net www.google-analytics.com ad.ipredictive.com *.googleapis.com api-engage-us.sitecorecloud.io *.gstatic.com www.google.com menus.singleplatform.com oc-registry.opentable.com twin-iq.kickfire.com assets.adobedtm.com *.facebook.net *.boydgaming.com cdnjs.cloudflare.com www.opentable.com places.singleplatform.com www.youtube.com *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 2
default-src 'self' https://scripts.sirv.com; font-src 'self' data: https://scripts.sirv.com; connect-src blob: 'self' https://assets.manufactum.de/ https://assets.magazin.com/ https://manufactum.sirv.com https://video.sirv.com https://scripts.sirv.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://ga-storage.manufactum.de https://connect.facebook.net https://www.facebook.com https://s.pinimg.com https://ct.pinterest.com; img-src 'self' data: https://assets.manufactum.de/ https://assets.magazin.com/ https://manufactum.sirv.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://ga-storage.manufactum.de https://www.facebook.com https://s.pinimg.com https://ct.pinterest.com; child-src blob: https://*.computop-paygate.com https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io https://www.brot-und-butter.de https://www.facebook.com; frame-src 'self' blob: https://*.computop-paygate.com https://bid.g.doubleclick.net https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io https://www.brot-und-butter.de https://www.facebook.com https://manufactum.sirv.com; worker-src blob:; media-src blob: data: 'self' https://assets.manufactum.de https://assets.magazin.com https://video.sirv.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://scripts.sirv.com https://video.sirv.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://region1.google-analytics.com  https://ga-storage.manufactum.de https://www.googleadservices.com https://adservice.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://s.pinimg.com https://ct.pinterest.com https://connect.facebook.net https://assets.manufactum.de https://assets.magazin.com https://manufactum.sirv.com https://cdn.epoq.de/flow/ https://*.arc.epoq.de/inbound-servletapi/ 'sha256-5VP9uvxfmd5dWHD/h/zPZJ0tXqP+FDE3PkUEK5ljc60=' 'sha256-wyAOKm4yiOxl/AA6YznUZtVrG0Rd+VWgvGm3fIlxPeo=' 'sha256-4MDHKMpGuDMac7ZezyhdYw+duJEFSzn0eI+w8GfulDY='; object-src 'none'; style-src 'self' 'unsafe-inline' https://scripts.sirv.com https://assets.manufactum.de https://assets.magazin.com https://manufactum.sirv.com ; report-uri /csp/sell; base-uri 'self' 2
default-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' maps.googleapis.com *.youtube.com *.trustarc.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net unpkg.com cdn.gbqofs.com *.cdn-net.com *.accdab.net *.worldpay.com https://static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: 'unsafe-eval' *.starbucks.eu maps.gstatic.com maps.googleapis.com *.trustarc.com www.googletagmanager.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com; media-src 'self'; frame-src 'self' gateway.switch.tj *.worldpay.com *.accdab.net *.trustarc.com *.youtube.com youtu.be *.starbucks.ie; font-src 'self' *.trustarc.com https://fonts.gstatic.com; connect-src 'self' maps.googleapis.com *.accdab.net *.trustarc.com bam.nr-data.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com report.starbucks.gbqofs.io stats.g.doubleclick.net https://adservice.google.com; report-uri /report-uri/enforce 2
font-src apps.bazaarvoice.com assets.tailwindapp.com at.alicdn.com cdn-uicons.flaticon.com cdnjs.cloudflare.com cdn.honey.io cdn.joinhoney.com cdn.scite.ai ecomm-cdn.trurating.com fast.wistia.com fast.wistia.net fonts.gstatic.com font.static.useinsider.com *.hotjar.com insight.adsrvr.org match.adsrvr.org pro.fontawesome.com shopping.qantas.com static.zipmoney.com.au www.slant.co zip-co-media.s3.ap-southeast-2.amazonaws.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com ct.pinterest.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com 12757253.fls.doubleclick.net 12761252.fls.doubleclick.net 6895031.fls.doubleclick.net 8219837.fls.doubleclick.net accentgroup.formstack.com analytics.tiktok.com aus59.dayforcehcm.com ausaz231.dayforcehcm.com connect.facebook.net *.criteo.com *.criteo.net ct.pinterest.com drwnt-pr11.ntschools.net gateway.zscalerthree.net www.googleapis.com insight.adsrvr.org insight.adsrvr.org.x.84c439f70e5c7046810abf7058a74d187b80.43d75326.id.opendns.com invidious.projectsegfau.lt match.adsrvr.org my.volumental.com ole.worldmanager.com portal.afterpay.com rcg.demdex.net safe.menlosecurity.com servedby.flashtalking.com socialq.net td.doubleclick.net theathletesfootau.api.useinsider.com theathletesfootnz.api.useinsider.com tpc.googlesyndication.com www.dayforcehcm.com www.facebook.com www.google.com yt.artemislena.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.afterpay.com https://site-assets.afterpay.com/ display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 1f2e7.v.fwmrm.net aa.agkn.com accentgroupsupport.zendesk.com ade.clmbtech.com adgen.socdm.com adservice.google.com adservice.google.com.au adservice.google.se ads.stickyadstv.com adx.dable.io ad.360yield.com ad.as.amanad.adtdp.com ad.doubleclick.net ad.tpmn.co.kr ad.yieldlab.net analytics.tiktok.com api.fillr.com assets.api.useinsider.com cdn.attraqt.io a.twiago.com bam.nr-data.net bat.bing.com beacon.krxd.net cdn.aralego.net cdn.honey.io cloud.shopback.com cms.quantserve.com cm.adform.net cm.adgrx.com cm.g.doubleclick.net connect.facebook.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv *.criteo.com *.criteo.net cs.adingo.jp ct.pinterest.com c.bing.com d3nocrch4qti4v.cloudfront.net developers.google.com df45ay5pw60dy.cloudfront.net dsum-sec.casalemedia.com duuytoqss3gu4.cloudfront.net e1.emxdgt.com eb2.3lift.com ecomm-cdn.trurating.com embed-ssl.wistia.com encrypted-tbn3.gstatic.com engage-assets.volumental.com exchange.mediavine.com fast.wistia.com fast.wistia.net fonts.gstatic.com hb.yahoo.net *.hotjar.com i6.liadm.com ib.adnxs.com id5-sync.com idsync.rlcdn.com image.useinsider.com insight.adsrvr.cn insight.adsrvr.org i.liadm.com jadserve.postrelease.com js-agent.newrelic.com khms0.googleapis.com khms1.googleapis.com lantern.roeye.com lh3.ggpht.com *.lightboxcdn.com log.api.useinsider.com log.pinterest.com maps.googleapis.com maps.gstatic.com matching.ivitrack.com match.adsrvr.org match.prod.bidr.io match.sharethrough.com media.littlebirdie.com.au p25.zdusercontent.com pagead2.googlesyndication.com partner.mediawallahscript.com photos-eu.bazaarvoice.com pixel-sync.sitescout.com pixel.rubiconproject.com pixel.tapad.com pm.w55c.net pos.baidu.com pr-bh.ybp.yahoo.com prf.hn rs.fullstory.com rtb-csync.smartadserver.com r.casalemedia.com s0.2mdn.net scontent.cdninstagram.com secure.adnxs.com sentinel.api.useinsider.com simage2.pubmatic.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.aralego.com sync.crwdcntrl.net sync.ipredictive.com sync.outbrain.com s.ad.smaato.net s.thebrighttag.com s.trackonomics.net tags.bluekai.com tapestry.tapad.com tg.socdm.com *.theathletesfoot.com.au *.theathletesfoot.co.nz translate.google.com trends.revcontent.com um.simpli.fi ups.analytics.yahoo.com visitor.omnitagjs.com wp-log.api.useinsider.com www.bing.com www.facebook.com www.google.ae www.google.al www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cn www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.kg www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.me www.google.mk www.google.mn www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sr www.google.tn www.google.tt www.google.vu www.google.ws www.ist-track.com www.littlebirdie.com.au x.bidswitch.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com ad.doubleclick.net analytics.tiktok.com api.useinsider.com assets.api.useinsider.com assets.pinterest.com bam.nr-data.net bat.bing.com cdn.attraqt.io chat.gosquared.com configaus2.veinteractive.com connect.facebook.net *.criteo.com *.criteo.net ct.pinterest.com d1l6p2sc9645hc.cloudfront.net data2.gosquared.com data.gosquared.com dkupaw9ae63a8.cloudfront.net ecomm-cdn.trurating.com ecommwidget.trurating.com edge.fullstory.com eitri.api.useinsider.com fast.wistia.com fast.wistia.net *.forter.com foursixty.com googletagmanager.com stats.g.doubleclick.net *.hotjar.com https://www.google-analytics.com insight.adsrvr.org js-agent.newrelic.com js.adsrvr.org lantern.roeyecdn.com *.lightboxcdn.com loader.wisepops.com maps.googleapis.com match.adsrvr.org pagead2.googlesyndication.com pixel.roymorgan.com polyfill.io rs.fullstory.com srd.bazaarvoice.com static.zdassets.com s.pinimg.com s.retargeted.co tag.benchplatform.com test.socialq.net theathletesfootau.api.useinsider.com theathletesfootnz.api.useinsider.com *.theathletesfoot.com.au *.theathletesfoot.co.nz tpc.googlesyndication.com t.cfjump.com unpkg.com widget-mediator.zopim.com wss://widget-mediator.zopim.com www.everestjs.net www.googletagservices.com www.google.com www.ist-track.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com display.ugc.bazaarvoice.com apps.bazaarvoice.com assets.api.useinsider.com cdn.honey.io fast.wistia.com fonts.googleapis.com foursixty.com www.googletagmanager.com *.lightboxcdn.com pwm-image.trendmicro.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com api.retargeted.co ausaz231.dayforcehcm.com cdn.attraqt.io connect.facebook.net *.criteo.com embed-cloudfront.wistia.com embed-ssl.wistia.com embedwistia-a.akamaihd.net fast.wistia.com *.forter.com googleads.g.doubleclick.net insight.adsrvr.org match.adsrvr.org region1.google-analytics.com ssl.google-analytics.com ssl.gstatic.com static.zdassets.com td.doubleclick.net www.bing.com www.googletagmanager.com www.google.com.hk www.google.co.in www.google.gr 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com abacus.api.useinsider.com adobedc.demdex.net adservice.google.com ad.doubleclick.net analytics.tiktok.com api.retargeted.co api.trongrid.io api.useinsider.com bam.nr-data.net bat.bing.com carrier.useinsider.com collect-ap2.attraqt.io content.hotjar.io *.criteo.com cs.hae123.cn ct.pinterest.com d1wix2gc2cgqis.cloudfront.net d2o5idwacg3gyw.cloudfront.net d3in1te4fdays6.cloudfront.net devtools-euw1c-interaction-server-004-mobile.browserstack.com distillery.wistia.com doublestat.info ecmacore.com ecommapi.trurating.com edge.fullstory.com ekr.zdassets.com embed-cloudfront.wistia.com embed-ssl.wistia.com fast.wistia.com fast.wistia.net fg8vvsvnieiv3ej16jby.litix.io *.forter.com foursixty.com googleads4.g.doubleclick.net hit.api.useinsider.com *.hotjar.com ip.x2convert.com jb-on-site.api.useinsider.com locationv2.api.useinsider.com maps.googleapis.com metrics.hotjar.io network-a.bazaarvoice.com pagead2.googlesyndication.com pipedream.wistia.com portal.afterpay.com rcg.api.fluentretail.com rcg.tt.omtrdc.net recommendationv2.api.useinsider.com recommendation.api.useinsider.com region1.google-analytics.com rh.nexus.bazaarvoice.com rs.fullstory.com segment.api.useinsider.com stats.g.doubleclick.net surveystats.hotjar.io tafnz.api.fluentretail.com theathletesfootau.api.useinsider.com theathletesfootcustomercarenz.zendesk.com theathletesfootcustomercare.zendesk.com theathletesfootnz.api.useinsider.com *.theathletesfoot.com.au translate.googleapis.com tru-live-eventhubs.servicebus.windows.net unification.useinsider.com vc.hotjar.io widget-mediator.zopim.com wss://widget-mediator.zopim.com wss://ws.hotjar.com www.facebook.com www.google.com www.google.com.au zendesk-eu.my.sentry.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src edgeshoppingstatic.azureedge.net *.hotjar.com *.lightboxcdn.com wss://cdn0.forter.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.theathletesfoot.com 'self' 'unsafe-inline'; report-uri /_csp-reporting; report-to report-endpoint; 2
child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self' https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://sts.us-east-1.amazonaws.com https://*.launchdarkly.com https://*.forter.com https://d3in1te4fdays6.cloudfront.net https://d1wix2gc2cgqis.cloudfront.net wss://cdn0.forter.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' https://client.rum.us-east-1.amazonaws.com *.pci.favor.dev *.favorengineering.com  https://*.forter.com https://dkupaw9ae63a8.cloudfront.net ont.net wss://cdn0.forter.com *.prod.favor.dev *.pci-np.favor.dev *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval' https://client.rum.us-east-1.amazonaws.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net *.favorengineering.com *.pci.favor.dev *.prod.favor.dev *.pci-np.favor.dev cdn.siftscience.com js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard; worker-src blob: 2
base-uri 'self'; default-src 'self' https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com http://stats.g.doubleclick.com stats.g.doubleclick.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.gstatic.com http://*.gstatic.com *.gstatic.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.cookielaw.com http://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org http://*.cookielaw.org *.cookielaw.org https://*.cloudapi.de http://*.cloudapi.de *.cloudapi.de https://*.onetrust.com http://*.onetrust.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; child-src; connect-src 'self' https://cdn.cookielaw.org http://cdn.cookielaw.org cdn.cookielaw.org https://privacyportal-eu.onetrust.com http://privacyportal-eu.onetrust.com privacyportal-eu.onetrust.com; font-src 'self' https://privacyportal-eu-cdn.onetrust.com http://privacyportal-eu-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://tools.eurolandir.com http://tools.eurolandir.com tools.eurolandir.com https://*.instagram.com http://*.instagram.com *.instagram.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.youtube.com http://*.youtube.com *.youtube.com https://*.hypemarks.com http://*.hypemarks.com *.hypemarks.com; img-src 'self' https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com http://stats.g.doubleclick.com stats.g.doubleclick.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://*.google.com http://*.google.com *.google.com https://*.google.co.uk http://*.google.co.uk *.google.co.uk https://*.cookielaw.org http://*.cookielaw.org *.cookielaw.org https://px.ads.linkedin.com http://px.ads.linkedin.com px.ads.linkedin.com https://*.linkedin.com http://*.linkedin.com *.linkedin.com https://*.facebook.com http://*.facebook.com *.facebook.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.instagram.com http://*.instagram.com *.instagram.com https://*.licdn.com http://*.licdn.com *.licdn.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.youtube.com http://*.youtube.com *.youtube.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://*.cookielaw.com http://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org http://*.cookielaw.org *.cookielaw.org https://*.hypemarks.com http://*.hypemarks.com *.hypemarks.com https://*.moatads.com http://*.moatads.com *.moatads.com https://*.cloudapi.de http://*.cloudapi.de *.cloudapi.de https://*.onetrust.com http://*.onetrust.com *.onetrust.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 2
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net https://rec.i-say.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net; frame-src 'self' blob: *.shopmetrics.com *.gigspot.com *.research-cloud.com *.velocity.online *.youtube.com *.youtu.be; base-uri 'self'; form-action 'self' *.shopmetrics.com *.gigspot.com *.velocity.online; img-src * data: about: blob: filesystem: ma-file:; object-src 'none'; font-src 'self' data: *.shopmetrics.com *.bootstrapcdn.com *.typekit.net *.gstatic.com *.jsdelivr.net *.pstatic.net *.github.com; report-uri /CSPEndpoint.aspx; Report-To default; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://use.typekit.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.dotdigital-pages.com *.dotdigital.com https://www.facebook.com https://tpc.googlesyndication.com https://consentcdn.cookiebot.com https://assets.braintreegateway.com https://*.paypal.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.trackedlink.net https://www.google.fi https://maps.gstatic.com https://maps.googleapis.com https://log.pinterest.com https://eckerolinechatbottest.blob.core.windows.net https://fonts.gstatic.com https://assets.braintreegateway.com https://*.paypal.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://ajax.cloudflare.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://assets.pinterest.com https://maps.googleapis.com https://eckerolinechatbottest.blob.core.windows.net https://api.videoly.co https://www.google.fi https://www.googleadservices.com https://tpc.googlesyndication.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://snap.licdn.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://fast.fonts.net https://eckerolinechatbottest.blob.core.windows.net https://use.typekit.net https://p.typekit.net https://assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://fonts.gstatic.com https://vimeo.com https://consentcdn.cookiebot.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.paypal.com https://px.ads.linkedin.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src https://assets.braintreegateway.com https://*.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
object-src 'none'; script-src 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://storage.googleapis.com https://unpkg.com maps.googleapis.com; script-src-attr 'self'; style-src 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.atd.com; style-src-attr 'self'; frame-ancestors 'self' 2
default-src * data:;   script-src * 'unsafe-eval';   script-src-elem * 'unsafe-inline';   script-src-attr *;   style-src * 'unsafe-inline' blob:;   style-src-elem * 'unsafe-inline';   style-src-attr * 'unsafe-inline';   img-src * 'self' data: blob:;   font-src * 'self' data: blob:;   connect-src * 'self' blob:;   media-src * 'self' blob:;   object-src * 'self' 'unsafe-inline' blob:;   prefetch-src * 'self' blob:;   child-src * 'self' blob:;   frame-src * 'self' blob:;   worker-src * 'self' blob:;   frame-ancestors * 'self' blob:;   form-action *;   upgrade-insecure-requests;   base-uri * 'self';   manifest-src * blob: sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts allow-top-navigation allow-top-navigation-to-custom-protocols; 2
default-src 'self' cdn.sanity.io https://www.bigmarker.com *.youtube.com *.ytimg.com *.ggpht.com fast.wistia.com embed-ssl.wistia.com; script-src 'self' 'unsafe-inline' *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com *.google.com.au *.googletagmanager.com *.redditstatic.com *.reddit.com *.facebook.net *.facebook.com *.ads.linkedin.com snap.licdn.com cdn.linkedin.oribi.io *.clearbit.com cdn.sanity.io noembed.com *.youtube.com *.ytimg.com *.ggpht.com content.hotjar.io *.hotjar.com api.segment.io cdn.segment.com fast.wistia.com embed-ssl.wistia.com track.hubspot.com js.hs-banner.com api.hubspot.com js.hs-analytics.net js.hs-scripts.com js.usemessages.com cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com; connect-src 'self' *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com *.google.com.au *.googletagmanager.com *.redditstatic.com *.reddit.com *.facebook.net *.facebook.com *.ads.linkedin.com snap.licdn.com cdn.linkedin.oribi.io *.clearbit.com cdn.sanity.io noembed.com *.youtube.com *.ytimg.com *.ggpht.com content.hotjar.io *.hotjar.com wss://*.hotjar.com api.segment.io cdn.segment.com fast.wistia.com fast.wistia.net embed-cloudfront.wistia.com pipedream.wistia.com distillery.wistia.com track.hubspot.com js.hs-banner.com api.hubspot.com js.hs-analytics.net js.hs-scripts.com js.usemessages.com cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com; img-src 'self' data: *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com *.google.com.au *.googletagmanager.com *.redditstatic.com *.reddit.com *.facebook.net *.facebook.com *.ads.linkedin.com snap.licdn.com cdn.linkedin.oribi.io *.clearbit.com cdn.sanity.io *.youtube.com *.ytimg.com *.ggpht.com fast.wistia.com embed-ssl.wistia.com track.hubspot.com js.hs-banner.com api.hubspot.com js.hs-analytics.net js.hs-scripts.com js.usemessages.com cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com; style-src 'self' 'unsafe-inline' data: *.youtube.com *.ytimg.com *.ggpht.com; font-src 'self' data: fonts.gstatic.com fast.wistia.com embed-ssl.wistia.com; frame-ancestors 'none' 2
worker-src https://cdn.connectif.cloud; font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://cdn.connectif.cloud js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com display.ugc.bazaarvoice.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://litium.revolutionrace.se *.tycka.io *.cdn-sitegainer.com *.google.com *.gstatic.com *.googletagmanager.com *.youtube.com *.google-analytics.com s.pinimg.com bat.bing.com *.facebook.net *.tiktok.com *.revolutionrace.se *.googleadservices.com sc-static.net cdn.jsdelivr.net *.cloudflare.com *.criteo.net *.criteo.com *.snapchat.com *.distancify.workers.dev ct.pinterest.com *.doubleclick.net fbcdn.revolutionrace.se wss://fbcdn.revolutionrace.se *.bambuser.com *.facebook.com *.apptus.cloud recommender.scarabresearch.com *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.sitegainer.com *.scarabresearch.com *.emarsys.net *.symplify.com pro.ip-api.com *.pinterest.com cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.imedia.cz www.seznam.cz fonts.googleapis.com www.pinterest.se maxcdn.bootstrapcdn.com ajax.googleapis.com *.spinnaker-js.com *.kindlycdn.com player.vimeo.com vimeo.com *.kindly.ai ws-eu.pusher.com wss://sage.kindly.ai wss://ws-eu.pusher.com *.klarnaevt.com js.klarna.com *.adyen.com *.storyblok.com js.stripe.com fonts.gstatic.com *.revolutionrace.com *.digitaloceanspaces.com presumably-romantic-eel.edgecompute.app cust-revolutionrace.web.app www.paypal.com 'unsafe-inline' 'unsafe-eval'; img-src data: https://* 'self'; media-src https://*; connect-src *; 2
img-src https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fcl.cloud https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.usabilla.com http://*.usabilla.com https://*.newrelic.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com https://cdn.optimizely.com https://*.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://wisepops.net https://s.pinimg.com https://snap.licdn.com https://googleads.g.doubleclick.net https://accounts.google.com https://*.pinterest.com https://*.evergage.com https://js.adsrvr.org https://static.criteo.net https://flightcentre-webchat.gotbot.co.za https://7226714.collect.igodigital.com https://cdn.pdst.fm https://*.hotjar.com https://tr.snapchat.com https://*.feefo.com https://koi-3qn5erhpry.marketingautomation.services https://cdn.jsdelivr.net https://*.stackla.com https://cdn.cookielaw.org https://sc-static.net https://developer.livehelpnow.net https://cdn.evgnet.com https://maps.googleapis.com https://sdk.joinsherpa.io https://cdn.wisepops.com https://*.quantserve.com https://*.livechatinc.com https://flightcentre.r-cubed.co.uk https://rules.quantcount.com https://*.criteo.com https://code.jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://register.feefo.com https://cdn.cookielaw.org; connect-src https://*.fcl.cloud wss://*.fcl.cloud https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://*.fclmedia.com https://fcl-sydney-geo-7.ent.ap-southeast-2.aws.found.io https://*.launchdarkly.com https://*.optimizely.com *.nr-data.net https://*.fullstory.com https://*.google-analytics.com https://*.google.com https://*.google.com.au https://*.google.ca https://*.google.co.nz https://*.google.co.za https://*.google.co.uk https://*.evergage.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://*.pinterest.com https://*.linkedin.com https://*.outbrain.com https://*.g.doubleclick.net https://wisepops.net https://*.wisepops.com https://*.feefo.com https://cdn.cookielaw.org https://developer.livehelpnow.net https://*.snapchat.com https://www.facebook.com https://bat.bing.com https://*.onetrust.com https://flightcentre.r-cubed.co.uk https://adservice.google.com https://www.google.com https://analytics.google.com https://www.googleadservices.com https://*.browser-intake-datadoghq.com https://*.criteo.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; font-src https: blob: data:; frame-ancestors 'self'; report-uri /api/csp_report; 2
default-src 'self' *.a8b.co 2
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net fonts.googleapis.com amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de cloudinary.com *.cloudinary.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.buywithprime.amazon.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cloudinary.com *.cloudinary.com cdnjs.cloudflare.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net diypestcontrol.ladesk.com 1-vbus-us-tx.ladesk.com ct.pinterest.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob *.weltpixel.com *.authorize.net https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net data: widgets.automizely.com widgets.automizely.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com store.paradoxlabs.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.cloudfront.net diypestcontrol.com ct.pinterest.com *.trackedlink.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com blob https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.vimeo.com js.hsforms.net bat.bing.com ct.pinterest.com *.buywithprime.amazon.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.stamped.io *.googletagmanager.com *.signifyd.com https://imgs.cdn-btsg.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com script.hotjar.com bm-rx.atatus.com dpm.demdex.net www.dwin1.com diypestcontrol.ladesk.com cm.everesttech.net widgets.magentocommerce.com bid.g.doubleclick.net *.ftcdn.net *.behance.net fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cdn1.stamped.io blob 'self' data: https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.avada.io *.authorize.net cdn.ampproject.org www.gstatic.com https://www.googletagmanager.com tagmanager.google.com unpkg.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io unsafe-inline assets.braintreegateway.com cloudinary.com *.cloudinary.com *.fontawesome.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com dpm.demdex.net assets.adobedtm.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob https://static.klaviyo.com *.klevu.com *.ksearchnet.com www.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob 'self' 'unsafe-inline'; media-src *.adobe.com cloudinary.com *.cloudinary.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com imgs.cdn-btsg.com blob 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io api.automizely.com api.automizely.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de cloudinary.com *.cloudinary.com forms.hsforms.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com assets.adobedtm.com a.klaviyo.com ct.pinterest.com stats.g.doubleclick.net maps.googleapis.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.authorize.net cdn.ampproject.org www.googleapis.com *.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com imgs.cdn-btsg.com blob http: https: blob: 'self' 'unsafe-inline'; default-src assets.adobedtm.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 2
report-uri https://cspapi.dev.torrentflood.com/api/csp; default-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.vimeo.com *.amazonaws.com *.fema.gov *.googleapis.com *.gstatic.com *.kaspersky-labs.com consent.api.osano.com tattle.api.osano.com cmp.osano.com disclosure.api.osano.com *.torrentflood.com *.trustarc.com accessdenied.pnc.com agents.floodsmart.gov analytics.google.com az416426.vo.msecnd.net cdn-forpci33.actonsoftware.com cdn.jsdelivr.net cdnjs.cloudflare.com ggpht.com google-analytics.com hartfordfloodonline.com home-c8.incontact.com marketing.torrentcorp.com maxcdn.bootstrapcdn.com mozbar.moz.com nfipdirect.com nfipdirect.fema.com nfipservices.floodsmart.gov player.vimeo.com pwm-image.trendmicro.com rum-collector-2.pingdom.net rum-static.pingdom.net selectiveflood.com ssl.google-analytics.com static3.avast.com stats.g.doubleclick.net tagmanager.google.com torrentcorp.com torrentflood.com use.fontawesome.com vortex.data.microsoft.com www.google-analytics.com www.google.com www.googletagmanager.com www.youtube.com; frame-ancestors 'self' *.torrentflood.com https://vmp.boldchat.com https://vms.boldchat.com https://*.boldchat.com https://*.torrentflood.com https://thehartford.getflood.com https://torrentflood.com https://www.hartfordfloodonline.com; 2
default-src 'self' data:; img-src 'self' https://*.laposte.fr; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; script-src 'self'; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; style-src-attr 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self'; report-uri https://apostello.uriports.com/reports/report; report-to default 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube-marketing/artists_youtube 2
report-uri https://8200068e1bbb5c22d2e57dd38c2ddbcf.report-uri.com/r/t/csp/wizard; 2
default-src 'self' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; child-src 'self' blob: ; connect-src 'self' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; frame-src 'self' blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ android-webview-video-poster: https://player.vimeo.com https://*.knowbe4.com https://*.ccm.knowbe4.com https://*.internal.knowbe4.com https://*.ccm.internal.knowbe4.com ; font-src 'self' data: fonts.gstatic.com use.typekit.net ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ app.pendo.io cdn.pendo.io data.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; media-src 'self' about: blob: data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ https://unpkg.com/vue@2.6.14 ; style-src 'self' 'unsafe-inline' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; style-src-elem 'self' 'unsafe-inline' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com https://fonts.googleapis.com/ p.typekit.net ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-eu-west-1 ; worker-src 'self' blob: data: ; 2
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.oBQ9IVgZt9s.es5.O/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist 2
font-src *.googleapis.com *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.facebook.com 'self' data: *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' data: c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://connect.facebook.net/ connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.dwin1.com *.getsitecontrol.com/ https://js-agent.newrelic.com/ https://cdn.cookielaw.org/ https://cdn.equalweb.com js.klevu.com *.ksearchnet.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com tagmanager.google.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net/ *.getsitecontrol.com/ https://bam.nr-data.net/ https://cdn.equalweb.com/ https://events.getsitectrl.com/ https://cdn.cookielaw.org/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://components-bnpl-pe-bbva-moprestamo-com.s3.amazonaws.com *.alothemes.com *.magepow.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * webpay3g.transbank.cl webpay3gint.transbank.cl 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com 'self' data: *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.facebook.com *.apptrian.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.net business.facebook.com *.google.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.moprestamo.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.typekit.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.google-analytics.com *.paypal.com api.mercadopago.com tm.filter:* api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com *.stape.io *.fontawesome.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fittinglabs-development.firebaseapp.com https://fittinglabs-staging.firebaseapp.com https://fittinglabs-production.firebaseapp.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.youtube.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://shop-demo.fittinglabs.it https://shop-dev.fittinglabs.it https://magento.test *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.stape.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com bam.nr-data.net epictv.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://apis.google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com connect.facebook.net api.videoly.co js-agent.newrelic.com bam.nr-data.net dapi.videoly.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://api.fittinglabs.it https://api-demo.fittinglabs.it https://api-dev.fittinglabs.it https://identitytoolkit.googleapis.com https://securetoken.googleapis.com http://127.0.0.1:5000 http://localhost:5000 *.lottiefiles.com *.eu-central-1.linodeobjects.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.stape.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://www.google-analytics.com bam.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.eu-central-1.linodeobjects.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://cdn.checkout.com *.fontawesome.com https://instantcredit.net/ *.klarnacdn.net *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://instantcredit.net/ *.stripe.com stripe.com *.link.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com *.zenaps.com *.fls.doubleclick.net https://js.checkout.com *.klarna.com https://instantcredit.net/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com cdn.doofinder.com *.klarna.com *.klarnaevt.com *.klarnacdn.net * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://cdn.checkout.com *.klarnacdn.net cdn.doofinder.com *.plugins.emarsys.net *.scarabresearch.com https://instantcredit.net/ https://code.jquery.com/ *.klarna.com *.klarnaservices.com * *.fontawesome.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.checkout.com *.fontawesome.com *.doofinder.com https://instantcredit.net/ *.klarnacdn.net unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com https://js.checkout.com *.klarnacdn.net *.doofinder.com wss://*.doofinder.com *.scarabresearch.com *.eservice.emarsys.net https://instantcredit.net/ https://test.instantcredit.net/ *.klarnaevt.com *.klarna.com *.klarnaservices.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://api.itau.com.br/ https://api.itau.com.br:443/ https://sts.itau.com.br/ https://sts.itau.com.br:443/ https://secure.api.itau/ https://secure.api.itau:443/ https://apisandbox.redeecommerce.rede.com.br/ https://apiquerysandbox.redeecommerce.rede.com.br/ https://api.redeecommerce.rede.com.br/ https://apiquery.redeecommerce.rede.com.br/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net https://*.dpdconnect.nl *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com www.googleadservices.com www.google-analytics.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.sooqr.com *.multisafepay.com www.magmodules.eu *.squeezely.tech www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googleadservices.com www.google-analytics.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net https://*.dpdconnect.nl s7.addthis.com *.avada.io *.sooqr.com *.multisafepay.com https://pay.google.com squeezely.tech www.squeezely.tech *.squeezely.tech www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.fontawesome.com *.sooqr.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com *.google-analytics.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.multisafepay.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 2
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.vivapayments.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.addthis.com td.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://img.youtube.com s.w.org *.degezondewereld.nl *.degezondewereld.be cdn.klarna.com www.google.nl *.tinymce.com flagpedia.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.vivapayments.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io matomo.dutch-headshop.nl *.tiny.cloud *.gstatic.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com fonts.googleapis.com *.typekit.net *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ekr.zdassets.com/ https://get.geojs.io *.avada.io stats.g.doubleclick.net matomo.dutch-headshop.nl pagead2.googlesyndication.com google.com *.tiny.cloud www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
base-uri 'none'; default-src 'none'; frame-ancestors 'self' https://*.matchawards.com https://*.openplatform.us; font-src 'self' http://matchawards.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://*.crisp.chat http://*.bootstrapcdn.com; img-src 'self' https: data: blob: http://matchawards.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com *.cloudflare.com *.googleapis.com https://*.clarity.ms https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/css/bootstrap.min.css https://*.www.clickcease.com https://*.google.com https://*.crisp.chat wss://*.crisp.chat https://*.microsoft.com http://*.bing.com https://*.inventiveinspired7.com *.ait.tools https://*.processwebsitedata.com https://*.sitedataprocessing.com https://*.usbrowserspeed.com https://d-code.liadm.com http://*.matchawards.com:443/; media-src 'self' https: data: http://matchawards.com; frame-src 'self' https:; manifest-src 'self' http://matchawards.com; connect-src 'self' blob: http://matchawards.com ws://localhost:4000 ws://localhost:3035 http://localhost:3035 https://*.google.com *.cloudflare.com *.googleapis.com https://*.facebook.net https://*.facebook.com https://*.clarity.ms https://*.matchawards.com https://maps.googleapis.com http://172.16.13.226:8020 https://www.google-analytics.com https://apxl.io/script.js https://apxl.io/34cf5d42-e9e9-48ef-ba2d-59ed2c6f0c7e/tag https://*.hotjar.com/ https://*.hotjar.io wss://*.hotjar.com https://*.linkedin.com https://cdn.linkedin.oribi.io/partner/4032836/domain/localhost/token https://cdn.linkedin.oribi.io/partner/4032836/domain/matchawards.com/token https://*.googlesyndication.com https://*.google.com https://*.crisp.chat wss://*.crisp.chat https://*.microsoft.com http://*.bing.com https://*.inventiveinspired7.com *.ait.tools https://*.processwebsitedata.com https://*.sitedataprocessing.com https://*.usbrowserspeed.com https://d-code.liadm.com http://*.matchawards.com:443/ https://google.com/pagead/form-data/ https://google.com/ccm/form-data/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://matchawards.com https://*.google.com *.cloudflare.com *.googleapis.com https://*.facebook.net https://*.facebook.com https://*.clarity.ms https://*.matchawards.com https://www.google.com/recaptcha/api.js https://maps.googleapis.com https://www.gstatic.com https://www.recaptcha.net https://www.googletagmanager.com https://apxl.io/script.js https://apxl.io/34cf5d42-e9e9-48ef-ba2d-59ed2c6f0c7e/tag https://*.www.clickcease.com https://www.clickcease.com/monitor/stat.js https://cdn.useproof.com/proof.js https://*.hotjar.com/ https://a.remarketstats.com/px/smart/ https://a.clickcertain.com/px/smart/a/ https://*.hotjar.io wss://*.hotjar.com https://*.licdn.com https://*.doubleclick.net https://*.googlesyndication.com https://*.google.com https://*.crisp.chat wss://*.crisp.chat https://*.microsoft.com http://*.bing.com https://*.inventiveinspired7.com *.ait.tools https://*.processwebsitedata.com https://*.sitedataprocessing.com https://*.usbrowserspeed.com https://d-code.liadm.com https://cdn.jsdelivr.net/npm/chart.js http://*.matchawards.com:443/ https://google.com/pagead/form-data/ https://google.com/ccm/form-data/ 2
worker-src 'none'; 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdnjs.cloudflare.com kit.fontawesome.com apps.elfsight.com static.elfsight.com cdn.usebootstrap.com *.cloudmaestro.com www.gstatic.com www.google-analytics.com www.google.com googletagmanager.com *.googletagmanager.com *.optimizely.com stockist.co *.stockist.co *.klaviyo.com; report-uri /.webscale/csp-report 2
default-src https: 'unsafe-inline' data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 2
default-src 'self' data: blob: *.visiondirect.co.uk https://*.visiondirect.info https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.cloudfront.net https://*.salesforce.com https://*.klarnaevt.com https://*.klarnacdn.net https://*.klarna.com https://widget.trustpilot.com https://*.optimizely.com https://*.dycdn.net https://*.facebook.net https://static.zdassets.com https://www.zenaps.com https://*.contentsquare.net https://*.google.co.uk wss://*.freshrelevance.com https://*.freshrelevance.com https://*.doubleclick.net https://*.facebook.com https://*.tiktok.com https://bat.bing.com https://*.wistia.com https://*.litix.io https://*.awin1.com https://*.akamaihd.net;script-src 'unsafe-inline' 'unsafe-eval' blob: *;style-src 'unsafe-inline' *;font-src * data:;worker-src 'self' data: blob:;frame-src 'self' https://*.google.com https://*.youtube.com https://*.facebook.com https://*.optimizely.com https://*.salesforce.com https://*.klarna.com https://*.trustpilot.com https://*.davidclulow.com https://analytics.tiktok.com;report-uri /content/csp_report;frame-ancestors 'self'; 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; report-to report; report-uri /?_task=background&_action=csp_report 2
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://use.typekit.net https://static.formstack.com https://css.zohocdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com https://www.google.com https://www.youtube.com https://www.bullseyelocations.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com https://www.truck-lite.com https://www.rigidindustries.com https://www.clariencetechnologies.com https://www.lumiteclighting.com https://www.truck-lite.eu.com https://mcstaging.truck-lite.com https://trucklite.localhost https://mcstaging.clariencetechnologies.com https://pm.geniusmonkey.com https://css.zohocdn.com https://static.ctctcdn.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://www.gstatic.com https://www.google.com *.google.bg *.googletagmanager.com https://connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://browser-update.org https://wwwtrucklitecom.formstack.com https://static.formstack.com https://js.stripe.com https://code.jquery.com https://cdnjs.cloudflare.com https://static.ctctcdn.com https://salesiq.zoho.com https://js.zohocdn.com https://static.zohocdn.com https://js-agent.newrelic.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net chimpstatic.com downloads.mailchimp.com *.list-manage.com landofcoder.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://use.typekit.net https://p.typekit.net https://static.ctctcdn.com https://css.zohocdn.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com maxcdn.bootstrapcdn.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://wwwtrucklitecom.formstack.com https://listgrowth.ctctcdn.com https://bam.nr-data.net https://salesiq.zohopublic.com https://www.google-analytics.com https://analytics.google.com https://www.facebook.com https://maps.googleapis.com landofcoder.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-src 'self' www.youtube.com www.google.com js.playground.klarna.com js.klarna.com https://checkoutshopper-test.adyen.com https://pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com return.4sellers.de *.webpush.freshchat.com ct.pinterest.com vercel.live *.sovendus.com *.adyen.com *.dotdigital-pages.com dotdigital-pages.com gum.criteo.com fledge.eu.criteo.com *.cnstrc.com cnstrc.com 2
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.publicstuff.com *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com connect.facebook.net static.addtoany.com https://widgets.nrel.gov *.openstreetmap.org cdn-images.mailchimp.com platform.twitter.com blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com; style-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.ctctcdn.com cdn-images.mailchimp.com data:; img-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov www.facebook.com *.openstreetmap.org cdn-images.mailchimp.com i.ytimg.com data:; media-src 'self' translate.googleapis.com iframe.publicstuff.com data:; frame-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; frame-ancestors 'self' *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com; child-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com user.govoutreach.com syndication.twitter.com data:; connect-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com stats.g.doubleclick.net; report-uri /report-csp-violation 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.adbr.io *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.adabra.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.trustpilot.com *.criteo.com *.cookiebot.com *.youtube.com *.hotjar.com *.adbr.io ad4m.at *.ad4m.at service.force.com *.marketingspray.com *.criteo.net *.tncid.app *.clinch.co *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.de *.google.it *.bing.com *.adbr.io maps.googleapis.com *.ad4m.at ih.adscale.de rtb-csync.smartadserver.com simage2.pubmatic.com dsum-sec.casalemedia.com *.twiago.com ad.yieldlab.net *.marketingspray.com *.adform.net *.clarity.ms *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.omnitagjs.com *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.tremorhub.com *.yieldmo.com *.krxd.com *.thebrighttag.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trustpilot.com *.criteo.com *.criteo.net *.newrelic.com *.cookiebot.com bam.nr-data.net *.google.de *.google.it *.bing.com *.hotjar.com *.adbr.io ad4m.at pushpad.xyz service.force.com *.salesforceliveagent.com *.marketingspray.com *.shippypro.com *.kk-resources.com *.farmae.it *.clarity.ms *.googleoptimize.com *.tiktok.com *.dwin1.com sdk.privacy-center.org api.privacy-center.org pmp-sdk.privacy-center.org *.tncid.app *.clinch.co *.visualwebsiteoptimizer.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com maps.googleapis.com tracking.trovaprezzi.it www.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.adbr.io service.force.com *.shippypro.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com bam.nr-data.net *.doubleclick.net *.trustpilot.com pagead2.googlesyndication.com consentcdn.cookiebot.com *.adbr.io *.googleapis.com *.shippypro.com pushpad.xyz *.clarity.ms *.tiktok.com *.criteo.com sdk.privacy-center.org api.privacy-center.org pmp-sdk.privacy-center.org *.hotjar.io *.tncid.app *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com *.klarna.com *.klarnaevt.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-datasolutions.com *.magento-ds.com *.typekit.net google.com *.google.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.dibspayment.eu chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.trustpilot.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com downloads.mailchimp.com *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com p13n-mr.adobe.io www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.adobedc.net *.demdex.net *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
; frame-ancestors 'self' 2
script-src 'self' 'unsafe-eval' https://use.fontawesome.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://static.ctctcdn.com https://translate.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com; script-src-elem 'self' 'unsafe-inline' translate.google.com www.google.com www.gstatic.com static.ctctcdn.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com translate.googleapis.com bam.nr-data.net js-agent.newrelic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net translate.googleapis.com static.ctctcdn.com www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com; frame-ancestors 'self' 2
font-src *.fontawesome.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl facebook.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.facebook.com *.kinderkraft.fr *.kinderkraft.pl kinderkraft.fr kinderkraft.pl *.trustpilot.com *.criteo.gum *.cookiebot.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com *.klarna.com pay.google.com secure.payu.com merch-prod.snd.payu.com *.trustpilot.com *.facebook.com www.facebook.com *.instagram.com *.hotjar.com *.criteo.com *.criteo.net *.youtube-nocookie.com *.google.com *.kinderkraft.fr kinderkraft.fr kinderkraft.pl *.pinterest.com td.doubleclick.net hal9000.redintelligence.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com *.gstatic.com *.googleapis.com *.ggpht *.klarna.com *.klarnaevt.com *.klarnacdn.net static.przelewy24.pl www.gstatic.com gstatic.com static.payu.com *.ytimg.com www.google.com www.google.pl kinderkraft.com pixel.wp.pl www.facebook.com *.instagram.com *.payu.com *.hotjar.com www.googletagmanager.com googleads.g.doubleclick.net *.criteo.com *.adobedtm.com *.doubleclick.net *.outbrain.com *.rubiconproject.com *.yahoo.com *.3lift.com *.smartadserver.com *.adnxs.com *.tapad.com *.casalemedia.com *.360yield.com *.taboola.com *.pubmatic.com *.media.net *.teads.tv *.adform.net *.bidswitch.net *.sharethrough.com *.smaato.net *.socdm.com *.adscale.de *.advertising.com *.dable.io *.co.kr *.stickyadstv.com *.twiago.com *.omnitagjs.com *.liadm.com *.yieldmo.com *.postrelease.com *.addthis.com *.revcontent.com *.mail.ru *.yieldlab.net *.rambler.ru *.bing.com *.openx.net *.nate.com *.mediawallahscript.com id5-sync.com *.rlcdn.com *.adingo.jp *.tremorhub.com *.yandex.ru *.aralego.com/ *.ad-stir.com *.adtdp.com *.meba.kr *.1rx.io *.toast.com *.turn.com *.dmxleo.com *.mediavine.com *.ivitrack.com *.smartclip.net *.krxd.net *.emxdgt.com *.pinterest.com *.bluekai.com *.thebrighttag.com kinderkraft.pl *.user.com *.trustpilot.com *.trustpilot.net *.metaffiliation.com imgsct.cookiebot.com region1.analytics.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.klarnaservices.com *.avada.io secure.payu.com secure.snd.payu.com *.trustpilot.com *.googletagmanager.com kinderkraft-staging.user.com *.user.com consentcdn.cookiebot.com *.g.doubleclick.net *.adyen.com *.facebook.net pixel.wp.pl *.hotjar.com *.criteo.com *.newrelic.com *.criteo.net *.nr-data.net *.cloudflare.com *.clickcease.com *.pinimg.com *.googleoptimize.com *.youtube.com *.kinderkraft.pl *.kinderkraft.fr *.kinderkraft.de *.kinderkraft.it *.kinderkraft.co.uk *.kinderkraft.es *.metaffiliation.com *.bing.com *.clarity.ms *.cux.io *.taboola.com *.luigisbox.com ct.pinterest.com kng.kinderkraft.at sha.kinderkraft.be tag.facemyads.co bbd-tag.de s.retargeted.co apptracker.stream 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com fonts.googleapis.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.trustpilot.com *.instagram.com *.cloudflare.com cdn.luigisbox.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.googlevideo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com *.instagram.com kinderkraft-staging.user.com wss://kinderkraft-staging.user.com *.adyen.com yt2html5.com *.user.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net wss://kinderkraft.user.com *.hotjar.com wss://ws3.hotjar.com analytics.google.com *.paypal.com https://paypal.com paypal.com *.nr-data.net consentcdn.cookiebot.com *.hotjar.io *.criteo.com wss://ws29.hotjar.com *.pinterest.com *.google.com wss://ws11.hotjar.com google.pl google.com *.kinderkraft.fr *.metaffiliation.com *.sentry.io sentry.io *.clarity.ms *.cux.io *.facebook.com facebook.com *.google.pl wss://* *.openfpcdn.io *.google-analytics.com *.taboola.com *.luigisbox.com *.bing.com server-side-tagging-vqegoo7bda-uc.a.run.app wdg.kinderkraft.pl 'self' 'unsafe-inline'; child-src *.instagram.com http: https: blob: 'self' 'unsafe-inline'; default-src *.adyen.com *.instagram.com *.googleoptimize.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cetelem.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.avis-verifies.com/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cetelem.es *.google.com/ *.youtube.com/ cdn.doofinder.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cetelem.es *.googletagmanager.com/ *.cdn.cookielaw.org/ *.youtube.com/ *.tradedoubler.com cdn.doofinder.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cetelem.es *.googleapis.com/ *.doofinder.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cetelem.es *.doofinder.com wss://*.doofinder.com *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src 'self' *.cookiebot.com *.criteo.com *.salesmanago.pl fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com pay.google.com *.weltpixel.com; img-src *.bing.com *.google.pl google.pl *.cookiebot.com *.criteo.com *.google.de assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net static.przelewy24.pl www.gstatic.com gstatic.com *.tile.osm.org *.cloudflare.com *.githubusercontent.com https://img.youtube.com flagpedia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.bing.com *.criteo.com *.facebook.net assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.doubleclick.net *.google-analytics.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://cdnjs.cloudflare.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com s7.addthis.com 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8=' 'sha256-aqnk2yIXvD6iyk4qOV1/STUtdJ/WYTxD82VsHKYOY0M=' 'sha256-8uXzLRQKA2O1GOFJqGscNR8XvWeFXuMlh5gmAAMOydM=' 'sha256-SIGkMRGjRGm/FcNBxClSI86hmg4FZ7VvqN2AhD3y+5M='; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://fonts.googleapis.com https://cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.criteo.com *.cookiebot.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.tile.osm.org *.openstreetmap.org ekr.zdassets.com/ www.gstatic.com t.elasticsuite.io; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.openstreetmap.org *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 2
default-src 'self'; connect-src 'self' https://region1.google-analytics.com; font-src 'self' https://use.typekit.net; frame-ancestors 'self'; frame-src 'self' https://www.google.com/; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.typekit.net; style-src-elem 'self' 'unsafe-inline' https://*.typekit.net; 2
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnlyi; connect-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; report-uri https://almexx.report-uri.io/r/default/csp/reportOnly 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.gstatic.com 'self' data: data: surveys-static.survicate.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com www.google.com.co js.intercomcdn.com intercomassets.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://www.google.com *.gstatic.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com https://maps.googleapis.com static.hotjar.com *.clarity.ms surveys-static.survicate.com script.hotjar.com widget.intercom.io js.intercomcdn.com api-iam.intercom.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com cdn.dnky.co https://surveys-static.survicate.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io t.elasticsuite.io *.google-analytics.com maps.googleapis.com api.comapi.com bam.nr-data.net t.clarity.ms stats.g.doubleclick.net api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://ws.hotjar.com https://content.hotjar.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; report-uri https://forlagshuset.report-uri.com/r/t/csp/reportOnly 2
font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.klarnacdn.net *.kalogirou.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.facebook.com www.facebook.com www.youtube.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cookiebot.com www.youtube.com *.klarna.com *.contactpigeon.com *.googlesyndication.com *.skroutz.gr *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com www.google.gr *.cookiebot.com *.google-analytics.com maps.gstatic.com *.kalogirou.com *.contactpigeon.com www.youtube.com *.sharethis.com *.klarnacdn.net *.googlesyndication.com *.cloudflare.com *.klarna.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.skroutz.gr www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io 'self' data: *.cookiebot.com *.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net *.contactpigeon.com *.kalogirou.com www.youtube.com *.go-mpulse.net *.sharethis.com *.klarnacdn.net *.klarnaservices.com *.google.gr *.taboola.com *.skroutz.gr *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.contactpigeon.com *.kalogirou.com www.youtube.com *.klarnacdn.net *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net *.cookiebot.com *.contactpigeon.com *.kalogirou.com www.youtube.com *.go-mpulse.net *.sharethis.com eu.klarnaevt.com *.klarnacdn.net *.klarnaservices.com *.taboola.com *.akstat.io *.googlesyndication.com *.skroutz.gr *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com *.googlesyndication.com 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.braintreegateway.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com account.fetchify.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.paypal.com *.typekit.net p.typekit.net s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com *.gstatic.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.avada.io https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com *.fontawesome.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ekr.zdassets.com/ *.google-analytics.com analytics.google.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com portal.bulkgate.com *.wayforpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.facebook.com *.doubleclick.net portal.bulkgate.com *.binotel.com lottie.host ipinfo.io *.wayforpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net https://images.unsplash.com *.google.com.ua *.facebook.com blob: *.biotus.ua *.biotus.kz *.biotus.md *.biotus.ru *.biotus.by *.biotus.az *.biotus.uz *.biotus.ge *.biotus.lt *.biotus.lv *.biotus.ee *.biotus.it *.biotus.ro *.biotusnew.pl biotus.ua biotus.kz biotus.md biotus.ru biotus.by biotus.az biotus.uz biotus.ge biotus.lt biotus.lv biotus.ee biotus.it biotus.ro biotusnew.pl *.gstatic.com *.googleapis.com *.rawgit.com *.jsdelivr.net *.esputnik.com portal.bulkgate.com *.binotel.com *.binotel.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net cdn.ampproject.org raw.githubusercontent.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.facebook.net *.hotjar.com *.hotjar.io *.google.com *.googletagmanager.com *.googleapis.com *.esputnik.com esputnik.com portal.bulkgate.com *.gstatic.com *.binotel.com ipinfo.io *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.esputnik.com portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src ipinfo.io 'self' 'unsafe-inline'; media-src *.adobe.com *.binotel.com *.binotel.ua 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.adobe.io performance.typekit.net *.sentry.io cdn.ampproject.org *.doubleclick.net *.hotjar.io *.google.com.ua/ads/* *.google.com/ccm/collect* *.analytics.google.com/g/collect* *.googleapis.com *.esputnik.com esputnik.com portal.bulkgate.com *.gstatic.com wss://*.bulkgate.com *.binotel.com wss://*.binotel.com:9028 ipinfo.io https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
object-src 'none';base-uri 'self';script-src 'nonce-93kfVV6FX4LTazcnsMiSFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-00fdEvoC31WCOgZCyRZf5N/gltIc1Q1zePRFU0vxmdA='; base-uri 'self';report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-4-Ns2aJKKvq6JAEH84NKVQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-CwbPQHAT6IlfC0S6MMCZhA=='; report-uri https://send.hsbrowserreports.com/csp/report; 1
object-src 'none';base-uri 'self';script-src 'nonce-f9CgCcwTZ5JiL-eXTHAHmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-HsfV2OEaJxFHMjAf2AVBCxaJ0I+ZLAL8xOFFwGEcoWw='; base-uri 'self'; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-4F7DjLies2wEMP8wyTH18A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8oDm6kPokV-8NRtzzQQzjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-vpWXS0GiPKYGrsvOghF6Yg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EwW8Z_9y5uoUiEy62WnhhA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; upgrade-insecure-requests; script-src 'self' 'unsafe-eval' https: 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; child-src 'self' blob: https:; manifest-src 'self'; frame-ancestors 'self' https:; worker-src 'self' https: blob:; form-action 'self' *.twitter.com *.google.com *.facebook.com connect.facebook.net forms.hsforms.com forms.hubspot.com; base-uri 'self'; object-src 'self'; connect-src 'self' https: data:; report-uri https://typeformwww.report-uri.com/r/t/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-TsMlnUtXQSFzV2rr1jO4EA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none' media.blueapron.com; manifest-src 'self'; media-src 'self' static.zdassets.com media.blueapron.com 1
object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1
default-src 'self'; base-uri 'self'; font-src cdn.jsdelivr.net; frame-src 'self' cse.google.com www.google.com; img-src 'self' *.amazonaws.com  www.google.com cdn.jsdelivr.net clients1.google.com www.googleapis.com *.gstatic.com pbs.twimg.com *.hypemarks.com *.tintup.com www.google-analytics.com stats.g.doubleclick.net cdn.webcomponents.ucla.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.googletagmanager.com www.youtube.com cse.google.com cdn.jsdelivr.net *.ytimg.com cdnjs.cloudflare.com www.google-analytics.com *.amazonaws.com cdn.webcomponents.ucla.edu *.gstatic.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.webcomponents.ucla.edu cdnjs.cloudflare.com www.google.com; connect-src 'self' weather.atmos.ucla.edu www.google-analytics.com stats.g.doubleclick.net; report-uri /csp-hotline.php 1
object-src 'none';base-uri 'self';script-src 'nonce-xiV3ZExl3RZYMtyozqenCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'nonce-d29aa650d54b37476ada79967c9db3da' 'self'; img-src * data:; style-src 'self' 'unsafe-inline' *.cassiecloud.com *.itv.com; style-src-elem 'self' 'unsafe-inline' *.cassiecloud.com *.itv.com; font-src 'self' *.itv.com; connect-src 'self' *.amplitude.com *.akamaihd.net *.amazonaws.com *.cassiecloud.com *.conviva.com *.facebook.net *.facebook.com *.analytics.google.com *.google-analytics.com *.hotjar.com *.hotjar.io *.irdeto.com *.2cnt.net *.itv.com https://http-inputs-itv.splunkcloud.com:443/services/collector *.stripe.com *.syrenis.com *.tiktok.com *.impact.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.amplitude.com *.cassiecloud.com *.facebook.net *.facebook.com *.analytics.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.2cnt.net *.itv.com *.stripe.com *.tiktok.com bugcrowd.com assets.bugcrowdusercontent.com *.impactcdn.com ; media-src 'self' blob: *.amplitude.com *.akamaihd.net *.itv.com *.brightcovecdn.com; worker-src 'self' blob:; object-src 'self' data:; frame-src 'self' *.facebook.net *.facebook.com *.flashtalking.com *.stripe.com bugcrowd.com; 1
default-src 'self' 'unsafe-inline' https://static-assets.ny.gov; script-src 'self' https://static-assets.ny.gov https://*.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://static-assets.ny.gov https://*.google-analytics.com https://*.googletagmanager.com; connect-src https://static-assets.ny.gov https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net; report-uri /report-csp-violation 1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1
script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' *.messenger.com https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src http://localhost:3103 *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com www.messenger.com wss://*.messenger.com:* https://*.google-analytics.com;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: https://fonts.gstatic.com;img-src *.fbcdn.net https://*.facebook.com cdninstagram.com *.cdninstagram.com data: *.fbsbx.com *.messenger.com messenger.com blob: android-webview-video-poster: *.xx.fbcdn.net https://messenger.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://*.google-analytics.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: https://*.giphy.com;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: *.doubleclick.net;worker-src *.messenger.com/static_resources/webworker_v1/init_script/ *.messenger.com/static_resources/webworker/init_script/ *.messenger.com/static_resources/sharedworker/init_script/ *.messenger.com/static_resources/webworker/map_libre/ *.messenger.com/static_resources/webworker/map_libre_rtl/ *.messenger.com/sw/ *.messenger.com/sw;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-ZHSIs2CW/S4z6DXnQHaixQYLdGteWk8MHyhTtb0iclY=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard 1
default-src 'self' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com http://www.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-WpyLglnasf1f6QcuxK7UCA==' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com http://www.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; style-src 'self' 'unsafe-inline' *.typeform.com; connect-src 'self' https://cdn.ampproject.org https://consent.bumble.com https://www.googletagmanager.com http://www.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com/pagead *.googlesyndication.com; child-src 'self'; font-src 'self' data:; manifest-src 'self'; base-uri 'self'; frame-src 'self' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com http://www.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; img-src * data: blob: www.googletagmanager.com; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=bumble_team_site&env=production; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://rbmeuulvihtwm2eltjhwimi2.httpschecker.net/report 1
base-uri 'none'; child-src *.shipt.com *.adsrvr.org *.criteo.com *.criteo.net *.doubleclick.net *.googlesyndication.com *.kampyle.com *.medallia.com *.pinterest.com *.recruitics.com *.sprinklr.com *.use1.pure.cloud *.visammg.com apps.rokt.com hooks.stripe.com js.stripe.com recaptcha.google.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com tr.snapchat.com www.youtube.com csxd.shipt.com 'self' blob:; connect-src 'self' *.bing.com *.branch.io *.clarity.ms *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.dynatrace.com *.google.com google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.kampyle.com *.medallia.com *.mouseflow.com *.shipt.com *.sprinklr.com *.use1.pure.cloud *.bugsnag.com d37hm4w715hh7d.cloudfront.net adservice.google.com analytics.tiktok.com api.segment.io api.stripe.com js.stripe.com cdn.segment.com connect.facebook.net ct.pinterest.com s.yimg.com tr.snapchat.com wss://*.sprinklr.com www.facebook.com www.googletagmanager.com zapier.com https://p2blobstore.blob.core.windows.net; font-src 'self' data: *.kampyle.com *.medallia.com *.sprinklr.com *.shipt.com; form-action *.facebook.com *.shipt.com accounts.google.com appleid.apple.com ct.pinterest.com tr.snapchat.com; frame-ancestors *.shipt.com; img-src 'self' data: blob: *; object-src 'none'; script-src 'nonce-689d8555dc11f840cdd1a1a3bea06883' 'self' 'report-sample' *.bing.com *.clarity.ms *.criteo.com *.criteo.net *.dstillery.com *.doubleclick.net *.googlesyndication.com *.hlserve.com *.kampyle.com *.medallia.com *.media6degrees.com *.recruitics.com *.shipt.com *.sprinklr.com *.use1.pure.cloud *.dynatrace.com adserver.pandora.com analytics-sm.com js.adsrvr.org s.pinimg.com ct.pinterest.com sc-static.net ajax.cloudflare.com analytics.tiktok.com app.contentsquare.com apps.rokt.com dhqbrvplips7x.cloudfront.net app.link connect.facebook.net cdn.branch.io cdn.mouseflow.com cdn.segment.com js.stripe.com maps.googleapis.com p2blobstore.blob.core.windows.net request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com t.contentsquare.net tr.snapchat.com snap.licdn.com web.btncdn.com www.google.com/recaptcha/ www.googleadservices.com www.googletagmanager.com www.gstatic.com/recaptcha/ s.yimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.kampyle.com *.medallia.com *.shipt.com; worker-src 'self' blob:; default-src 'self'; media-src 'self' *.shipt.com *.use1.pure.cloud *.sprinklr.com 1
connect-src *; default-src 'self'; font-src https://fonts.gstatic.com data: 'self' https://font.static.useinsider.com https://mobilefont.useinsider.com https://assets.api.useinsider.com https://fonts.app.apty.io https://use.fontawesome.com https://at.alicdn.com https://fonts.googleapis.com http://themes.googleusercontent.com https://static.preply.com https://static.hsappstatic.net https://assets.merci-app.com https://maxcdn.bootstrapcdn.com https://cdn-uicons.flaticon.com; frame-src *.api.useinsider.com https://insider.b2metric.com; img-src *; media-src blob: 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://fast.wistia.com *.api.useinsider.com https://www.google-analytics.com https://www.googletagmanager.com mfe.useinsider.com https://cdnjs.cloudflare.com https://unpkg.com https://js.hsforms.net https://script.hotjar.com https://static.userguiding.com https://static.hotjar.com https://inone.useinsider.com https://api.useinsider.com https://edge.fullstory.com/s/fs.js https://browser.sentry-cdn.com/ https://edge.fullstory.com https://widget.usersnap.com https://static.getbeamer.com https://client.app.apty.io https://action-builder-bundle.useinsider.com connect.facebook.net https://resources.usersnap.com https://app.getbeamer.com https://assets-staging.useinsider.com; style-src assets.api.useinsider.com 'unsafe-inline' 'self' https://fonts.googleapis.com https://unpkg.com; worker-src blob: https://*.inone.useinsider.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=RnSxg.RXDG8RFOXtvw4QIA6GgHDz_MrjL1TmGC7zjVQ-1721959624-1.0.1.1-hyZTIPCsvwPtLjuG69yhCg3dI78Va4aZKQ86tb1MCRQ1WVS.QlS8JEAVr6NAqEt37lv0ZK8GdsPkMTFeTevnptn9DqLJzvKkGvGcvh4_7T31j5Yw4nxffVWiXLAhK_p21xzKjDYQ44XQT9TkWESP8PIL0rRyzQhP.7aj1XIgWtd_PJBKoWDd6r0CYPiLT_lGPa3SKsHGAGKEPSUmmRcJSA; report-to cf-vrnviopikibivkdf 1
script-src 'nonce-0419f7d69f35414096af284d02ffb3cc' 'strict-dynamic' 'wasm-unsafe-eval' 'unsafe-eval' *.bdxiguastatic.com *.bytescm.com *.bytetos.com *.toutiao.com *.ibytedapm.com bdxiguastatic.com *.bytegoofy.com;img-src blob: data: *.douyinstatic.com *.toutiaoimg.com *.bdxiguastatic.com *.bdxiguaimg.com *.bytexservice.com *.bytednsdoc.com *.douyinpic.com *.byteeffecttos.com *.byteacctimg.com *.byteimg.com *.bytecdn.cn http: *.ixigua.com *.itoutiaoimg.com *.toutiaostatic.com s.360.cn *.bytescm.com *.byted.org pos.baidu.com www.gstatic.com jonypractic.net wx.qlogo.cn;report-to slardar-endpoint;style-src blob: 'self' pwm-image.trendmicro.com www.gstatic.com cdn.jsdelivr.net plugin.newmorehot.com *.bytedance.net lib.baomitu.com *.bdxiguastatic.com 'unsafe-inline';manifest-src *.bytednsdoc.com;frame-src wo.laiwoshop.com pwm-image.trendmicro.com a.safen100.com c.safen110.com m.youtube.com code.woqrcode.com api.xiaoduis.com *.ixigua.com cdn.hunong.xyz cha.chaweather.com cx.chacizus.com v2.maoyinews.xyz *.summer5188.com tj.shshinfo.com www.mgtv.com vip.zhanyangsh.cn; 1
object-src 'none';base-uri 'self';script-src 'nonce-w3jIYJqmLZpS0GFAGOamlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qjxJid7Zj1SAUfdIqdQ4vA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-je5J6C9YBd5JAZ041dVNeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8VtItWIqEmbrhXfd8Hyq9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-RYCq0s_BN8Vrb7NfftpPyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-n4yJ5cFp12Bg9PMRp5McsQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_qE5J_RMcE8YtMwor8ujOA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-0y8iwA1-8qSeUbSt4a16-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EHaz9PhhXk2mGmXYA_WcIQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8K_32OvyELWF15dtAXk6Dw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EUhq_XxEJCkYrmRBr9O82w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-45bxiP1Ssq_q-sh6L2Q-PA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/safety_google 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi 1
object-src 'none';base-uri 'self';script-src 'nonce-wOOGw9tEAtY5_HBFXISjrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6-4yTaj8VrPOpqQjFrqDFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-iQ-_-FcSulfR5w9GEca0Dw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-CQ8-ejCEYRR1FGCQVp7mzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-kJdOAUXNDslCRDzDXmsgPA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-x__UNf-zGnAqA2e-B9pNrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'unsafe-inline' 'unsafe-eval' https: blob:; object-src data: https://d1785e74lyxkqq.cloudfront.net https://h.online-metrix.net; base-uri 'none'; report-uri https://tvlk.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-DKuE5hoNjA-Jq-s1SEWXfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self';script-src-elem 'self' https://snap.licdn.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hs-analytics.net/analytics/ https://www.googletagmanager.com/gtag/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://x.clearbitjs.com/ https://reveal.clearbit.com/ https://tag.clearbitscripts.com/ https://cdn.koala.live/ https://app.leandata.com/ https://www.datadoghq-browser-agent.com/ https://cdn.jsdelivr.net/ 'nonce-80f6174bb76beeab';report-uri /api/report_csp_violation;object-src 'self';form-action 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-hlRXrLsIcRonYYp4cg26-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-nXqFsK1ez_t_wxAZuuF7hA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4nkxQU9lpGN2_DqJzWDpaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-nzRMzAGn9kSlKBPMM53miw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-a0DE7NARuGKc63lc1AxDcw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ObyNldI7zN7KrVOHbZr0Vg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1bh-hHMgksht5A7qciGWbw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-nHnaAqNLslSyaTKBVCq1fg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uGAEq_Ews3XMfJIp4CrKaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DQkfoFyzez3RDhLD3mwbFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-s1e4pWU-mWVvxMJUWxdfMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-XoqsEiVM7y1nDoPx9w03hw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wzhaNreMhez83fc3qcd8fQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-QEym7VFZaRPQdKjD-myHuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-kl5x_g9URMh3ZlDLf3Hrvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-kSRuylHhkbUNyBA-HwmnQA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IQ6r2UGbcxHLc6sDUIgxDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-vqIVocCaACe8COZESC-45w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src 'self' data: http: https: *.fia-tech.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-3U7uzqCUkNSDIBh1DPJ7KQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5j44beIGHT7KyELXunQDsg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DG56Iz7TvQxTmsE-x86Mpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-M53Ut7Fj4sYRxfrM6AjheQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-KSKPh5u8GzmIp68JpacJ7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-M5oZ4f73eZxMpqYmkqWv-Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-TJEup7_77VmXmOyo0S-8_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-QcFSd2a4HndCdvRTkCFzcw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IwAwVYsp2UoK45-ikhm8XQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-rEoeChQLOdO17v5izAvKUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-XIkHFOa6PBgFxXGNVr0ZOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--Qw5GUN9xsbVR8SQDb6CKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-A3mqaaUM9sg1vwjVPM20dw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self' ; report-uri https://www.pdffiller.com/api_v3/security_report/cspViolationsReport?apiKey=rs3dwgboso31.apps.marketing_pages 1
object-src 'none';base-uri 'self';script-src 'nonce-65EnkFU9fRHHgxDfIpJj0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' addtocalendar.com cdn.amcharts.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://script.crazyegg.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io https://unpkg.com; script-src-attr 'self'; style-src 'self' addtocalendar.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io maxcdn.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-WdGLWh1NGwz4eU39Gob5KA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' yastatic.net s3.yandex.net s3.mds.yandex.net hr-tech-frontend.s3.yandex.net hr-tech-frontend.s3.mds.yandex.net mc.yandex.ru mc.webvisor.com mc.webvisor.org pass.yandex.ru social.yandex.ru 'unsafe-eval' 'sha256-g6wAhazrQ/CxI1RuWkraxIG5qP1mBSpAverujW2I1SI=' 'sha256-YFz3vcsv8rCch21ZGxisZ/fzn3+wU0H4nHUAsD1Tth0=' 'sha256-nprYhJa+xRiixcBZjxOs/z5DpeJqTXYIQqOBOQZYyaE=' 'sha256-Itl+rUZYMvu1I0YhOGUnXrmd57jSbtn1bwe6EhPDvU4='; style-src 'self' yastatic.net s3.yandex.net s3.mds.yandex.net hr-tech-frontend.s3.yandex.net hr-tech-frontend.s3.mds.yandex.net 'unsafe-inline'; font-src 'self' yastatic.net s3.yandex.net s3.mds.yandex.net hr-tech-frontend.s3.yandex.net hr-tech-frontend.s3.mds.yandex.net; img-src 'self' yastatic.net s3.yandex.net s3.mds.yandex.net hr-tech-frontend.s3.yandex.net hr-tech-frontend.s3.mds.yandex.net mc.webvisor.com mc.webvisor.org mc.yandex.ru mc.admetrica.ru passport.yandex.ru data: *.yandex-team.ru avatars-int.mds.yandex.net; media-src 'self' yastatic.net s3.yandex.net s3.mds.yandex.net hr-tech-frontend.s3.yandex.net hr-tech-frontend.s3.mds.yandex.net; connect-src yandexmetrica.com:* mc.webvisor.com mc.webvisor.org mc.yandex.ru mc.admetrica.ru yandex.ru ya.ru passport.yandex.ru sso.passport.yandex.ru 'self' *.yandex-team.ru ws: wss: data: yastatic.net; child-src blob: mc.yandex.ru forms.yandex.ru forms.yandex-team.ru; frame-src blob: mc.yandex.ru mc.yandex.md forms.yandex.ru forms.yandex-team.ru 'self' yandex-team.ru/hsts *.yandex-team.ru; frame-ancestors webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com; report-uri https://csp.yandex.net/csp?from=yteam&project=yteam; 1
object-src 'none';base-uri 'self';script-src 'nonce-iHZWZglX1f4nwj-GngqAvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-0Og3L1GhIQx9--uLsOCtTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-sA67v-GxKUK3kdXAS9kC6A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-PR-4iK15RxNLtdHC3_MV4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-iii4d5gRV7ANrGbVsDJgCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 1
default-src 'self' 'unsafe-inline' *.epfl.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.epfl.ch https://ajax.googleapis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://platform.twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://www.instagram.com https://www.youtube.com https://*.cast.switch.ch https://player.vimeo.com; object-src 'none'; connect-src 'self' https://*.cast.switch.ch https://*.cloudfront.net *.epfl.ch https://api.cdnjs.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src 'self' *.epfl.ch https://datawrapper.dwcdn.net https://player.vimeo.com https://api.cast.switch.ch https://platform.twitter.com https://www.instagram.com https://www.youtube.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com *.epfl.ch; font-src 'self' https://fonts.gstatic.com *.epfl.ch data:; media-src 'self' *.epfl.ch https://*.cloudfront.net data:; img-src * data: https://s.w.org https://syndication.twitter.com https://www.google-analytics.com; worker-src 'none' blob:; report-uri https://report-uri.epfl.ch/csp-report; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
connect-src https:; child-src https:; default-src https:; font-src data: https:; form-action https:; frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.afr.com *.cdn.ampproject.org *.platform.ink; frame-src https:; img-src https: data:; media-src blob: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; script-src-attr https: 'unsafe-eval' 'unsafe-inline'; script-src-elem https: 'unsafe-eval' 'unsafe-inline'; style-src https:; style-src-attr 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; worker-src blob:; report-uri https://csp.ffx.io/; report-to csp-endpoint 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self' https://www.rferl.org/embed https://www.rferl.org/embed/player https://www.rferl.org/embed/player/0 https://www.rferl.org/embed/player/1 https://www.rferl.org/ext https://www.rferl.org/widget; report-uri https://csp.pangeadigital.io/cspreport 1
default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-to default; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc&sentry_environment=production&sentry_release=1.1.196 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com cdn.cookielaw.org code.jquery.com connect.facebook.net data: googleads.g.doubleclick.net js.ipredictive.com platform.instagram.com platform.twitter.com qvdt3feo.com s.yimg.com snap.licdn.com tags.srv.stackadapt.com try.abtasty.com www.googletagmanager.com www.instagram.com cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' agadata.online apis.google.com bat.bing.com cdn.cookielaw.org code.jquery.com colegiodiocesanosantaclara.imtlazarus.com:6443 connect.facebook.net data1.blamap.com get663.com googleads.g.doubleclick.net js.ipredictive.com lf16-tiktok-web.tiktokcdn-us.com nrdcapps.org pixel.byspotify.com platform.instagram.com platform.twitter.com public.tableau.com qvdt3feo.com s.yimg.com sc-static.net snap.licdn.com tags.srv.stackadapt.com translate-pa.googleapis.com translate.google.com translate.googleapis.com try.abtasty.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.nrdcapps.org www.pagespeed-mod.com www.scrible.com www.tiktok.com www.vimeo.com www.youtube.com cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.honey.io tags.srv.stackadapt.com www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' blob: cdn.honey.io lf16-tiktok-web.tiktokcdn-us.com nrdcapps.org sf16-website-login.neutral.ttwstatic.com tags.srv.stackadapt.com www.googletagmanager.com www.gstatic.com www.nrdcapps.org www.scrible.com cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com; worker-src 'self' blob:; frame-ancestors 'self'; report-uri https://nrdc.report-uri.com/r/d/csp/wizard 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-xiR9KR467g3wCo1exI/fHw=='; report-uri https://send.hsbrowserreports.com/csp/report; 1
base-uri 'self';connect-src https://*.go-mpulse.net https://*.akstat.io 'self' https: *.sentry.io *.amplitude.com *.care.com *.carezen.net *.signalfx.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net font.google.com analytics.google.com tagmanager.google.com www.google.com https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://geolocation.onetrust.com;default-src 'self' wss://*.care.com *.care.com *.careapis.com *.carezen.net *.cdn-care.com care.com cdn-care.com www.gstatic.com www.google.com *.googlesyndication.com tags.tiqcdn.com tags-eu.tiqcdn.com tk.getwork.com tr.snapchat.com shareasale.com *.doubleclick.net apps.rokt.com bid.g.doubleclick.net tags.w55c.net *.linkedin.com www.pinterest.com carecom.sjv.io staging-pt.ispot.tv ct.pinterest.com;font-src 'self' data: https://www.care.com https://www.dev.carezen.net https://www.stg.carezen.net fonts.gstatic.com https://script.hotjar.com;frame-ancestors 'self';img-src data: blob: *;object-src 'none';script-src https://*.go-mpulse.net 'nonce-ee92740bbbb385fb706a16aa7f1b285c' 'self' *.akamaihd.net *.care.com *.careapis.com *.carezen.net *.cdn-care.com *.cloudfront.net *.googlesyndication.com *.sift.com *.monetate.net acsbapp.com analytics.tiktok.com apps.rokt.com bat.bing.com care.com cdn-care.com cdn.pdst.fm connect.facebook.net d.impactradius-event.com googleads.g.doubleclick.net maps.googleapis.com s.pinimg.com ssl.google-analytics.com tags-eu.tiqcdn.com tags.tiqcdn.com wss://*.care.com www.emjcd.com www.google-analytics.com www.google.com www.googleadservices.com *.googletagmanager.com www.gstatic.com tr.outbrain.com tags.w55c.net clarity.ms staging-pt.ispot.tv tracker.mnixdata.com *.mountain.com tagmanager.google.com s.go-mpulse.net collector-12308.tvsquared.com js.adsrvr.org https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org 'nonce-754c896375a683831c93c898160ae9c5' 'strict-dynamic';frame-src 'self' alchemy.veriff.com www.google.com recaptcha.google.com bid.g.doubleclick.net 12355078.fls.doubleclick.net s.go-mpulse.net carecom.sjv.io apps.rokt.com tr.snapchat.com 3239339.fls.doubleclick.net https://vars.hotjar.com insight.adsrvr.org https://www.youtube.com/;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.google.com https://static.hotjar.com https://script.hotjar.com 'nonce-754c896375a683831c93c898160ae9c5';style-src-attr 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com bat.bing.com;upgrade-insecure-requests;report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=vhp-mfe%402.5.0&sentry_environment=prod 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.honey.io p.yotpo.com *.snapchat.com survey.survicate.com *.googleapis.com bat.bing.com www.google.com.au *.paypal.com *.opendns.com www.google-analytics.com www.youtube.com druidbotservice.prod.druidprod.a-kmtkmg.net api-widgets.preezie.io www.google.com.my apis.google.com *.pinterest.com *.kmart.com.au www.googletagmanager.com staticw2.yotpo.com cdn.truefitcorp.com *.windows.net sc-static.net c.oracleinfinity.io yotpo-stool.s3.amazonaws.com cdn-yotpo-images-production.yotpo.com unpkg.com *.optimizely.com js-agent.newrelic.com *.gstatic.com applepay.cdn-apple.com qoe-1.yottaa.net paydock.as1.gpayments.net analytics.google.com rum.browser-intake-datadoghq.com *.cloudfront.net *.tiktok.com www.google.co.id widget.paydock.com ui-widgets.preezie.io surveys-static.survicate.com databridge.tdbtrk.com *.doubleclick.net consumer.truefitcorp.com wss://druidbotapi.prod.druidprod.a-kmtkmg.net api.yotpo.com api.paydock.com gateway.zscalerone.net druidapc.prod.druidprod.a-kmtkmg.net webservice.salefinder.com.au www.myregistry.com embed.salefinder.com.au widget-cdn.preezie.com *.facebook.net *.flashtalking.com *.custhelp.com lh3.google.com *.facebook.com www.google.co.in *.azureedge.net kmartau.mo.cloudinary.net ac.cnstrc.com www.google.de respondent.survicate.com *.xg4ken.com druidapi.prod.druidprod.a-kmtkmg.net rapid-cdn.yottaa.com receipts.slyp.com.au *.tealiumiq.com embed.salefinder.co.nz dc.oracleinfinity.io bam.nr-data.net *.pinimg.com cnstrc.com seoab.io tags.tiqcdn.com www.google.com.sg images.ctfassets.net www.google.co.nz region1.analytics.google.com quick-ar.threedy.ai wss://druidbotservice.prod.druidprod.a-kmtkmg.net prod-fn-analytics.azurewebsites.net api-cdn.yotpo.com adservice.google.com translate.google.com www.paypalobjects.com www.google.com *.googleadservices.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromebook 1
object-src 'none';base-uri 'self';script-src 'nonce-GmwnYLgkmt31jHhTLmj-tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/googleorg 1
font-src *.dedeman.ro data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com maps.google.com *.recaptcha.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.dedeman.ro maps.gstatic.com *.google-analytics.com *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.nr-ext.net *.nr-assets.net *.dedeman.ro maps.googleapis.com *.google-analytics.com *.recaptcha.net chimpstatic.com downloads.mailchimp.com *.list-manage.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.dedeman.ro downloads.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.dedeman.ro 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com *.dedeman.ro maps.googleapis.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.dedeman.ro maps.googleapis.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src bam.nr-data.net cdn.growthbook.io cdn-ukwest.onetrust.com geolocation.onetrust.com pagead2.googlesyndication.com privacyportal-uk.onetrust.com prod.global-fragments-server.green.which.co.uk tpc.googlesyndication.com *.safeframe.googlesyndication.com 'unsafe-inline' 'self' http://localhost:* http://*.which.co.uk https://*.which.co.uk;script-src a.quora.com ajax.googleapis.com bat.bing.com c.amazon-adsystem.com cdn-magiclinks.trackonomics.net cdn-ukwest.onetrust.com cdn.amplitude.com cdn.jsdelivr.net connect.facebook.net ct.pinterest.com cdn.growthbook.io googleads.g.doubleclick.net manifest.prod.boltdns.net maps.googleapis.com pagead2.googlesyndication.com platform.twitter.com player.captivate.fm players.brightcove.net prod.global-fragments-server.green.which.co.uk public.flourish.studio pym.nprapps.org region1.google-analytics.com s.pinimg.com siteintercept.qualtrics.com static-ssl.responsetap.com static.ads-twitter.com static.digidip.net t.contentsquare.net tpc.googlesyndication.com track.omguk.com which.resultspage.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com yksbw1yr.micpn.com zeta-live.getsquirrel.co znbiyguoobqgm5gwu-which.siteintercept.qualtrics.com 'unsafe-inline' 'self' http://localhost:* http://*.which.co.uk https://*.which.co.uk;style-src aaf1a18515da0e792f78-c27fdabe952dfc357fe25ebf5c8897ee.ssl.cf5.rackcdn.com cdn.jsdelivr.net flo.uri.sh fonts.googleapis.com pagead2.googlesyndication.com player.captivate.fm public.flourish.studio service.force.com zeta-live.getsquirrel.co which.resultspage.com 'unsafe-inline' 'self' http://localhost:* http://*.which.co.uk https://*.which.co.uk;font-src fonts-which-co-uk.s3.amazonaws.com player.captivate.fm public.flourish.studio 'unsafe-inline' 'self' http://localhost:* http://*.which.co.uk https://*.which.co.uk;img-src abs-0.twimg.com ad.doubleclick.net ade.googlesyndication.com adservice.google.com alb.reddit.com analytics.twitter.com artwork.captivate.fm bat.bing.com c.contentsquare.net cdn-ukwest.onetrust.com cf-images.eu-west-1.prod.boltdns.net ct.pinterest.com googleads.g.doubleclick.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com maps.gstatic.com media.which.gpp.io metrics.brightcove.com pagead2.googlesyndication.com pbs.twimg.com q.quora.com s3-eu-west-1.amazonaws.com securepubads.g.doubleclick.net siteintercept.qualtrics.com storage.googleapis.com syndication.twitter.com t.co tpc.googlesyndication.com tracking.audio.thisisdax.com trx-hub.com www.facebook.com www.google-analytics.com www.google.co.uk www.google.com yksbw1yr.micpn.com 'unsafe-inline' 'self' http://localhost:* http://*.which.co.uk https://*.which.co.uk;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com blob: data: *.3lift.com *.adroll.com *.affilae.com *.arcade.software *.bidr.io *.casalemedia.com *.clarity.ms *.clearbit.com *.company-target.com *.datadoghq.com *.doubleclick.net *.js.driftt.com *.facebook.com *.getbeamer.com *.googleoptimize.com *.googletagmanager.com *.hotjar.com *.licdn.com *.linkedin.com *.marketo.com *.mktoresp.com *.mutinycdn.com *.onetrust.com *.outbrain.com *.pendo.io *.pingdom.net *.pubmatic.com *.reddit.com *.rlcdn.com *.rubiconproject.com *.sitespect.com *.taboola.com *.twitter.com ajax.googleapis.com amplify.outbrain.com api.amplitude.com api.madkudu.com api.segment.io attr.ml-api.io bat.bing.com browser.sentry-cdn.com cdn.amplitude.com cdn.bizible.com cdn.cookielaw.org cdn.jsdelivr.net cdn.madkudu.com cdn.segment.com cdn.segment.io cdnjs.cloudflare.com client-registry.mutinycdn.com client.mutinycdn.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com getbeamer.com js.driftt.com js.sentry-cdn.com js.stripe.com maxcdn.bootstrapcdn.com munchkin.marketo.net res.cloudinary.com s.ml-attr.com secure.adnxs.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co tag.clearbitscripts.com tag.demandbase.com tr.outbrain.com tracking.g2crowd.com user-data.mutinycdn.com www.datadoghq-browser-agent.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.welcometothejungle.com x.clearbitjs.com m.servedby-buysellads.com paapi9371.d41.co api.c99.ai analytics.funnelfuel.io v2.d41.co ; img-src * data: *.mutinycdn.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com ; font-src 'self' data: fonts.gstatic.com github.com images.mutinycdn.com maxcdn.bootstrapcdn.com use.typekit.net use.fontawesome.com ; connect-src 'self' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com data: *.clarity.ms *.datadoghq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.hotjar.com *.hotjar.io *.linkedin.com *.mktoresp.com *.mktoutil.com *.mutinyhq.io *.onetrust.com *.pingdom.net *.segment.com *.segment.io *.sentry.io *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com adservice.google.com api.amplitude.com api.company-target.com api.madkudu.com api.segment.io app.clearbit.com app.getsentry.com backend.getbeamer.com cdn.cookielaw.org d.adroll.com in.hotjar.com maps.googleapis.com prod-algolia-blog-subscription.herokuapp.com raw.githubusercontent.com stats.g.doubleclick.net us-central1-documentation-feedback.cloudfunctions.net user-data.mutinycdn.com vitals.vercel-insights.com wss://*.hotjar.com www.google-analytics.com www.google.com analytics.funnelfuel.io tag-logger.demandbase.com api.c99.ai ; worker-src 'self' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com blob: data: *.3lift.com *.adroll.com *.affilae.com *.arcade.software *.bidr.io *.casalemedia.com *.clarity.ms *.clearbit.com *.company-target.com *.datadoghq.com *.doubleclick.net *.js.driftt.com *.facebook.com *.getbeamer.com *.googleoptimize.com *.googletagmanager.com *.hotjar.com *.licdn.com *.linkedin.com *.marketo.com *.mktoresp.com *.mutinycdn.com *.onetrust.com *.outbrain.com *.pendo.io *.pingdom.net *.pubmatic.com *.reddit.com *.rlcdn.com *.rubiconproject.com *.sitespect.com *.taboola.com *.twitter.com ajax.googleapis.com amplify.outbrain.com api.amplitude.com api.madkudu.com api.segment.io attr.ml-api.io bat.bing.com browser.sentry-cdn.com cdn.amplitude.com cdn.bizible.com cdn.cookielaw.org cdn.jsdelivr.net cdn.madkudu.com cdn.segment.com cdn.segment.io cdnjs.cloudflare.com client-registry.mutinycdn.com client.mutinycdn.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com getbeamer.com js.driftt.com js.sentry-cdn.com js.stripe.com maxcdn.bootstrapcdn.com munchkin.marketo.net res.cloudinary.com s.ml-attr.com secure.adnxs.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co tag.clearbitscripts.com tag.demandbase.com tr.outbrain.com tracking.g2crowd.com user-data.mutinycdn.com www.datadoghq-browser-agent.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.welcometothejungle.com x.clearbitjs.com m.servedby-buysellads.com paapi9371.d41.co api.c99.ai analytics.funnelfuel.io v2.d41.co ; report-uri https://algolia.report-uri.com/r/t/csp/wizard 1
frame-ancestors https://*.workable.com/; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubcbe8d2ef0966e8645a91099cfac490bb&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=%40http.headers.cfray%3A8a907814bd25945e 1
block-all-mixed-content; report-uri https://www.warau.jp/mixedcontentreport.php 1
base-uri 'self';default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: chrome: eval: https: http:;report-uri https://stderr.consumeraffairs.com/api/40/security/?sentry_key=7cf6b3564e4343f68a310b937a3d823e; 1
object-src 'none';base-uri 'self';script-src 'nonce-P3HJY72p5VALyQP3JqMFLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; media-src 'none'; object-src 'self'; worker-src data: blob: 'self'; manifest-src 'self'; child-src https://make.powerapps.com https://webshell.suite.office.com; font-src 'self' data: https://content.powerapps.com https://static.powerapps.com https://static2.sharepointonline.com https://*.cdn.office.net https://appsforoffice.microsoft.com; img-src 'self' data: https://content.powerapps.com https://static.powerapps.com https://connectoricons-df.azureedge.net https://az787822.vo.msecnd.net/; script-src 'self' 'unsafe-eval' 'unsafe-hashes' https://content.powerapps.com https://static.powerapps.com https://*.cdn.office.net https://wcpstatic.microsoft.com https://*.msftauth.net https://*.res.office365.com https://*.monitor.azure.com https://*.flow.microsoft.com https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net https://appsforoffice.microsoft.com https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0 'sha256-y7y27Uq4p88K6EhwSUfbhCk9VakghnU/hORgjhopExY=' 'sha256-S94nv8UfR/jaxWSoEY8v2WibFHHv6piS/8thPhhFNp4=' 'sha256-JEwSVBrCE741EV9rbuu3EqBV+pc2dpFhRHIV6+9J0mY=' 'sha256-wODu+VfY8ND+vPVOUkzkfC/1jpkO6aSN5rGEBoSdnys='; style-src 'self' 'unsafe-inline' https://content.powerapps.com https://static.powerapps.com https://*.cdn.office.net https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net; report-uri https://csp.microsoft.com/report/PowerAutomate-MakerPortal; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://acsbapp.com https://snap.licdn.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.cookielaw.org https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdnsecakmi.kaltura.com https://cdnapisec.kaltura.com http://cdnapi.kaltura.com https://www.google-analytics.com https://cdn.jsdelivr.net https://script.crazyegg.com https://static.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://bam.nr-data.net https://hm.baidu.com/hm.js blob: https://sc-static.net https://tr.snapchat.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://acsbapp.com https://maps.googleapis.com  https://fonts.googleapis.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://script.crazyegg.com https://static.cloudflareinsights.com https://cdnapisec.kaltura.com; frame-ancestors self; report-uri /report-csp-violation 1
object-src 'none';base-uri 'self';script-src 'nonce-mMbyu797LEhkbDgMG5r6vA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com tags.srv.stackadapt.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com connect.facebook.net *.byspotify.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com tags.srv.stackadapt.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com connect.facebook.net *.byspotify.com cdn.evgnet.com *.visualwebsiteoptimizer.com *.cookielaw.org googletagmanager.com dev.virtualearth.net; frame-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com; frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; child-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com; report-uri /report-csp-violation 1
default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' www.cityam.com; font-src 'self' data: fonts.gstatic.com widgets.jobbio.com; frame-src 'none'; img-src 'self' data: cityam.com www.cityam.com pixel.wp.com ping.chartbeat.net www.google-analytics.com www.google.com www.google.co.uk tpc.googlesyndication.com pagead2.googlesyndication.com stat.flashtalking.com ad-events.flashtalking.com match.adsrvr.org x.bidswitch.net pixel-sync.sitescout.com stx-match.dotomi.com match.sharethrough.com ads.creative-serving.com id5-sync.com creativecdn.com ad.360yield.com cm.g.doubleclick.net pr-bh.ybp.yahoo.com uipglob.semasio.net se.semasio.net googleads.g.doubleclick.net c.clarity.ms c.bing.com widgets.jobbio.com d1avm1cbyhi830.cloudfront.net; manifest-src 'self'; script-src 'self' 'unsafe-hashes' cityam.com www.cityam.com static.criteo.net scripts.opti-digital.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net cdn.doubleverify.com rtb0.doubleverify.com tps.doubleverify.com www.googletagmanager.com onexl.gscontxt.net securepubads.g.doubleclick.net c.amazon-adsystem.com cmp.quantcast.comstats.wp.com cdn.onesignal.com www.youtube.com static.hotjar.com script.hotjar.com www.google-analytics.com static.chartbeat.com sdk.mrf.io www.clarity.ms config.aps.amazon-adsystem.com cmp.inmobi.com secure.cdn.fastclick.net tags.crwdcntrl.net cdn.id5-sync.com micro.rubiconproject.com cdn.edkt.io servedby.flashtalking.com cdn.flashtalking.com ajs-assets.ftstatic.com cmp.quantcast.com onesignal.com stats.wp.com widgets.jobbio.com 'sha256-7y9/KNsyJQGWriyCQmEaf3FZwqU52r1AuCBxscB1YcY=' 'sha256-/Sz/Eau67k93mK/MYVvRBKimpk7cKdgGYVleg8Xi1hA=' 'sha256-3nDB+r8C0cR/AVdSAMmpLw8cICNJ/HO9U62HxP7CNfo=' 'sha256-HB7plE/E7zKXyuOXD8lHYAzvB3bSpEFCK3yUXt25DO8=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-vC5HZmPEeD6+O3Q4wE6Wpz1zHvrMWXP/MhnePcri5ew=' 'sha256-AMsMJjmCpGPfhoWPat/L1DSrQteBXNCa/9lvxX1Yvyc=' 'sha256-VRIGkIkyRId4p9PTT2Vd71C3h46ELrXNnDro6m0YWnw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-fXfpqjf8ZqT9Yw4CwtnJD+DcswKyVHVcleG8wHw7EJ4=' 'sha256-Hj2uLOllYgYc/jOJGApOSO0ekMlAMFhbMJIVgx4OccY=' 'sha256-QHxLuwMasj0RySztqiccekV9g5tMP+pFgDX9w4aHieI=' 'sha256-tn5QUML5p0n+0eTYxWyWVzMSmewtCz4ox7tqb5PyVLU=' 'sha256-KdBLXb+pLj/CLYcGym/Q7l8yuWV5cpuO3V4NHpIdk4E=' 'sha256-hF2xdEbNPmDglg0cRkx9iIU7FPbPPrAU+2drAZsig04=' 'sha256-QHxLuwMasj0RySztqiccekV9g5tMP+pFgDX9w4aHieI=' 'sha256-DNOvv4kVG6H9boqfCor/j5jV1F/smnNjRZYxzHA3OU4=' 'sha256-KdpFjVeqPrSBLBzQTvF9LIKunJyieEHbeIaRaicqcyk=' 'sha256-DtjQxGAqsVcQK3cPZ/Mg2pMUfLRgxV4/oCEEEgGTZU4=' 'sha256-oMFZWD1rQKqV3mIPU+Dk2oxgbWmJNko4CzVSqi57Kwk=' 'sha256-e8vTDFovOpddIbtAorkA+Du4syKFR+sDT07X5FJCIY0=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-z5FRDT0k6xs+zZGAVHTKBDOnOrwihuEwVv9AE1chZqE=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-pwQduWxX3Cm7lLbQmAos7n73RLP4QrsCDFejmsBdZ78=' 'sha256-tNxm3egGJhvdqGB9hweqcn0wjNgCcjgaVYP2OJmRhGc='  'sha256-QGJnda9iJsdmWkAy7CDGJ6WrQQKd4eHoi9MwtwCdgSU=' 'sha256-0ZRD0Ap8OCpAZ87Zi6yENANlM6Q8+aRFc1Ku0FlYCGg=' 'sha256-pq2eIKe7PR5KJBi0Pn8KHpqH55pbhp4oUzgfQYxAo5g=' 'sha256-qPFyIQROeM9k9QFxy+iLyCLuw8YxFxhWFjMIigcGxZw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-Frb9JAGQZvAtq53+LlaYJkc+SVn6ZXdOI8hsGbDazeY='; style-src 'self' 'unsafe-hashes' cityam.com www.cityam.com fonts.googleapis.com onesignal.com widgets.jobbio.com 'sha256-DCg4mOnakkimO9WWI+OD8Zt0lAKYcxSn9RliZvZgqbk=' 'sha256-DxNz2JbsQazm6Kr7NavO4abJfFIheXxHacaMipXDz5o=' 'sha256-A+iI8CQK0+/C4UolO4YMdQaXCz9flVIq2JNU6QoND2A=' 'sha256-m7oWSSAkENGEP8g7kBPC5gwNTue8f7rqpWqnFPPiE5w=' 'sha256-p6rxOPRlBSTj7lbE7JZzWGG5DJX012+p8r1rb8/ln6g=' 'sha256-tQqOKlInResuIJFj7C9wvfXXgAnzwuAhr+3H+onBYxc=' 'sha256-4sjNECzUgTjzPM2s+FndusPSCMJwerc6OiNsCZeg6pI=' 'sha256-cM5k3Nj45BLM5WDYvopMKiqx0TTc12QhDVA5nJ9iw9Q=' 'sha256-ME3fMYupdDgyxmwn/iWd6f1RkLMLd29L8IGd2HiDiXA=' 'sha256-34sAYDH+Zm9qh1whetMv10oGd2w8G2ZfQVDP3hy5U+w=' 'sha256-duPovCcNouHvwPxi38mBXVzUwk9S2RWuIyy8aV740Bs=' 'sha256-QRQColJ+R6lZ3ygLlHY7nMqMvIXGNev2AUySQsEx3zM=' 'sha256-VxEuhJ7zUkw5xY0CTyjhq5C/1tLxjIoSiJ96GU+Snf0=' 'sha256-6/5aKxVQ4lDVR2ua6buTRudwbCjq1TdhrhhiN2bKFW0=' 'sha256-t4ShYOZ8JC95B1ZeJux3Qyrap6Vh1rUPlaQn69vOaxk=' 'sha256-5WHtU7TFpgyzVCujFK+uuFr/SrslZ1kgA+kKjRAyMxk=' 'sha256-ub5MDLLLzXVqEGedclzoeIXBv3ABpmKtqAwa8cL0MDQ=' 'sha256-bKF4evabxPnEmVmp8X+yCRqtpUI/6VVxRrfdnkDcufQ=' 'sha256-IOWYPccv4+GIAWz50PQ4hgBzwty+G8ckj9XrN5jdx6g=' 'sha256-B+o/JdSX7LZIn0sDyUHRYmQ+T3Xkgb+jVyfpG3faoY0=' 'sha256-hIGp77Bh9xO2PrIipolK2BnulWE6YuK/am+57EnqPR4=' ; connect-src 'self' c.amazon-adsystem.com securepubads.g.doubleclick.net bcp.crwdcntrl.net mab.chartbeat.com y.clarity.ms www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net events.newsroom.bi region1.google-analytics.com partner-api.jobbio.com; object-src 'none'; base-uri 'none'; report-uri https://csp.thehut.net/cspReport.txt; report-to csp-endpoint 1
connect-src 'self' 'unsafe-inline' 'unsafe-eval' algolia.io *.algolia.io algolia.net *.algolia.net algolianet.com *.algolianet.com amplitude.com *.amplitude.com bing.com *.bing.com cf-sparkai-live.s3.amazonaws.com *.cf-sparkai-live.s3.amazonaws.com cf-studio-uploads.s3.amazonaws.com *.cf-studio-uploads.s3.amazonaws.com clarity.ms *.clarity.ms creativefabrica.com *.creativefabrica.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com fonts.googleapis.com *.fonts.googleapis.com google-analytics.com *.google-analytics.com google.ae *.google.ae google.at *.google.at google.be *.google.be google.bg *.google.bg google.by *.google.by google.ca *.google.ca google.ch *.google.ch google.cl *.google.cl google.co.cr *.google.co.cr google.co.id *.google.co.id google.co.il *.google.co.il google.co.in *.google.co.in google.co.jp *.google.co.jp google.co.ke *.google.co.ke google.co.kr *.google.co.kr google.co.ma *.google.co.ma google.co.nz *.google.co.nz google.co.th *.google.co.th google.co.uk *.google.co.uk google.co.ve *.google.co.ve google.co.za *.google.co.za google.com *.google.com google.cz *.google.cz google.de *.google.de google.dk *.google.dk google.dz *.google.dz google.es *.google.es google.fi *.google.fi google.fr *.google.fr google.gr *.google.gr google.hn *.google.hn google.hr *.google.hr google.hu *.google.hu google.ie *.google.ie google.iq *.google.iq google.it *.google.it google.jo *.google.jo google.lk *.google.lk google.lt *.google.lt google.lv *.google.lv google.mk *.google.mk google.nl *.google.nl google.no *.google.no google.pl *.google.pl google.pt *.google.pt google.ro *.google.ro google.rs *.google.rs google.ru *.google.ru google.se *.google.se google.si *.google.si google.sk *.google.sk google.so *.google.so google.tn *.google.tn gstatic-cache.com *.gstatic-cache.com gstatic.com *.gstatic.com maps.googleapis.com *.maps.googleapis.com onesignal.com *.onesignal.com polotno.com *.polotno.com polotno.dev *.polotno.dev sentry.io *.sentry.io ticketgenie.ai *.ticketgenie.ai vercel.live *.vercel.live www.googleapis.com *.www.googleapis.com adservice.google.com data: blob: www.google.com.br www.google.com.do www.google.com.mx graphql-gw.creativefabrica.com www.google.com.bd www.google.com.ph www.google.com.ua www.google.com.tr d35ygclm1agwok.cloudfront.net www.google.com.hk www.google.com.bo www.google.com.np www.google.com.co www.google.com.pe www.google.com.pr www.google.com.ar creativefabrica-images.s3.amazonaws.com www.google.ee www.google.gt www.google.com.ni www.google.com.py www.google.com.pk www.google.com.vn www.google.com.au www.google.mw www.google.mg www.google.com.tw www.google.com.ng stats.g.doubleclick.net kaspersky-labs.com *.kaspersky-labs.com googleadservices.com *.googleadservices.com www.google.com.pa www.google.com.jm www.google.bj www.google.com.uy www.google.com.mt creativefabrica.ticketgenie.ai gc.kis.v2.scr.kaspersky-labs.com www.google.kg wss://gc.kis.v2.scr.kaspersky-labs.com cf-uploads-live.s3.amazonaws.com s3.amazonaws.com/creativefabrica-images www.google.com.sa www.google.com.eg www.google.com.cy www.google.com.my www.google.com.bh www.google.com.et www.google.kz cf-vectorizer-live.s3.amazonaws.com *.cf-vectorizer-live.s3.amazonaws.com google.al *.google.al google.az *.google.az google.ba *.google.ba google.cd *.google.cd *.google.cg google.cm *.google.cm google.co.ao *.google.co.ao google.co.bw *.google.co.bw google.co.tz *.google.co.tz google.co.ug *.google.co.ug google.co.zm *.google.co.zm google.co.zw *.google.co.zw google.co.vi *.google.co.vi google.mn *.google.mn google.sn *.google.sn google.tt *.google.tt translate.googleapis.com *.translate.googleapis.com www.google.com.fj; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=YfhvYhxzsGcfxfHqvZ2RlH5qXtavMawZYVXOn9FqSPE-1721955971-1.0.1.1-_hGX2On3Z.HdfvGjW1KLJbQrHAqzYdIttgMsCl9zbv46eoPyEj0fOaSLavzHy9uX5IiwustK1z5pBsWqNWAwnAhqM2YXdV9JpAjQdY27PqHbX1.SuOT63Oxz8b0sqP4uDXNMX1z5OeKQSu9bLynAzBTLlPu2IRKlfwqHKgG.UHxatAMOz0UzP3IP3a8Skj6AYgQQNZLNBJyf_Ln5i.dRgQ; report-to cf-ikgvtpefhozpcksd 1
script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 1
frame-ancestors 'self' app.clockify.me clockify.me *.clockify.me; base-uri 'self'; connect-src 'self' data: https://ws.clockify.me analytics.google.com https://*.doubleclick.net checkout.stripe.com *.clockify.me *.cake.com *.pumble.com bat.bing.com maps.googleapis.com https://*.clarity.ms https://clockify.zendesk.com https://ekr.zdassets.com https://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.googleadservices.com adservice.google.com https://adservice.google.com www.google.com pagead2.googlesyndication.com wss://widget-mediator.zopim.com wss://*.clockify.me; default-src 'self'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' marketplace.cake.com app.clockify.me clockify.me *.clockify.me *.cake.com *.pumble.com js.stripe.com checkout.stripe.com www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://*.doubleclick.net; img-src 'self' blob: https: data:; manifest-src 'self'; media-src data: 'self' https://static.zdassets.com; object-src clockify.me; report-uri https://agz4hm07.uriports.com/reports/report; report-to default; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://*.doubleclick.net https://js.stripe.com *.clockify.me *.pumble.com checkout.stripe.com bat.bing.com https://maps.googleapis.com https://www.clarity.ms https://www.googleadservices.com www.google-analytics.com https://code.jquery.com https://static.zdassets.com www.google.com https://ajax.googleapis.com https://*.googletagmanager.com https://www.gstatic.com www.youtube.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src blob:; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_appsheet_com 1
frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 1
default-src 'self';base-uri 'none';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src * 'self' https: data: https://cdn.remitly.com https://*.doubleclick.net/ https://www.facebook.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com/ https://getrockerbox.com/ https://media.remitly.io https://impressions.onelink.me;object-src 'none';script-src 'unsafe-inline' https: 'nonce-1e82e37e5b0143233fca0455082ef1a45b2aec5aacefbc7725f25d49213dfff0' 'strict-dynamic';script-src-attr 'nonce-1e82e37e5b0143233fca0455082ef1a45b2aec5aacefbc7725f25d49213dfff0';style-src https://cdn.remitly.com https://media.remitly.io 'unsafe-inline';upgrade-insecure-requests;manifest-src data:;style-src-elem https://*.gstatic.com/ https://media.remitly.io https://cdn.fonts.net https://dqyag3aekzepn.cloudfront.net 'unsafe-inline';connect-src 'self' https://api2.branch.io/ https://cdn.remitly.com https://*.doubleclick.net/ https://*.googletagmanager.com https://sessions.bugsnag.com https://notify.bugsnag.com https://bam.nr-data.net https://uel.remitly.io https://translate.googleapis.com/ https://*.clarity.ms https://connect.facebook.net https://cdn.siftscience.com https://*.google.com https://www.googleadservices.com https://api.remitly.io https://*.amplitude.com;frame-src https://*.doubleclick.net/ https://www.recaptcha.net/recaptcha/ https://remitly-3pjs.com/ https://*.googletagmanager.com https://www.youtube.com 1
object-src 'none';base-uri 'self';script-src 'nonce-orj6uRbduYrGAHChcGuk-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; frame-ancestors 'self' https://teams.microsoft.com https://retailservices.teams.microsoft.com https://retailservices-ppe.teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://teams.live.com https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net https://loop.microsoft.com https://*.loop.microsoft.com https://loop.cloud.microsoft https://loop.cloud-dev.microsoft https://app.int.whiteboard.microsoft.com https://whiteboard.cloud-dev.microsoft https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com https://whiteboard.office.com https://teams.cloud.microsoft https://outlook.cloud.microsoft https://m365.cloud.microsoft https://res-sdf.cdn.office.net https://res.cdn.office.net https://mesh.public.onecdn.static.microsoft; base-uri 'none'; manifest-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'report-sample' http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res-1.cdn.office.net https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; style-src 'self' 'unsafe-inline' 'report-sample' https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' blob: data: https://*.office.com https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://login.live.com https://storage.live.com; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://dogfood.augloop.svc.cloud.microsoft wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.augloop-dogfood.officeppe.com wss://augloop-dogfood.officeppe.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.office.com wss://augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; worker-src 'self'; frame-src 'self' https://* https://webshell.suite.office.com; media-src 'self'; object-src 'none'; form-action 'self' https://*; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 1
script-src 'strict-dynamic' 'self' https: 'nonce-e860de9d99555d1bec622fd61ec87e429282c0ac'; script-src-elem 'self' 'nonce-e860de9d99555d1bec622fd61ec87e429282c0ac'; object-src 'none'; base-uri 'none'; report-to csp-report; frame-ancestors 'self' 1
font-src 'self' data:; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com stackpath.bootstrapcdn.com unpkg.com; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.instinet.com stackpath.bootstrapcdn.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://pp.ephapay.net/ https://pp.eshapay.net/ https://scripts.agilone.com/ https://widget.trustpilot.com/ https://edigitalsurvey.com/ https://static.addtoany.com/ https://c.paypal.com/ https://www.paypal.com https://www.paypalobjects.com/ https://www.sandbox.paypal.com/ https://www.zenaps.com/ https://www.youtube.com/ https://*.doubleclick.net/ https://gum.criteo.com/ https://www.facebook.com/ https://*.hotjar.com/ https://s.salecycle.com https://www.googletagmanager.com/ https://www.google.com https://*.customizer.cadesignform.dk/ https://static.criteo.net/ https://www.youtube-nocookie.com/ https://d16fk4ms6rqz1v.cloudfront.net/ https://*.arcot.com/ https://www.securesuite.co.uk/ https://www.clicksafe.lloydstsb.com/ https://secure.barclaycard.co.uk https://*.photorank.me/; report-uri https://csp-violations.external.wickes.co.uk 1
object-src 'none';base-uri 'self';script-src 'nonce-h1gtVFag55LOIgeFur4ZCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
connect-src 'self' https: 'unsafe-eval' https://*.zoom.us wss://zpns.zoom.us wss://widget-mediator.zopim.com; default-src 'self' https:; font-src 'self' https: data: data: source.zoom.us; img-src 'self' https: data: blob: *.zoom.us https://v2assets.zopim.io https://static.zdassets.com; media-src 'self' https: *.zoom.us; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: http://zoom.us *.zoom.us; style-src 'self' https: 'unsafe-inline'; worker-src 'self' https: blob:; report-uri /csp-report 1
frame-ancestors 'self' http://*.abcya.com:* https://*.abcya.com:* https://*.ixl.com:* https://*.ixl.x:* https://*.ixl.q:* https://*.ixl.z:* https://*.ixl.k38:* https://*.ixl.m26:* https://*.ixl.cap:* https://*.ixl.lb:* https://*.ixl.k10:* https://*.ixl.k41:* https://*.ixl.t:* https://*.ixl.abcyaonixl.ixl.dev:* http://localhost:* https://*.ixl.dev:*; default-src 'self' https://tpc.googlesyndication.com/safeframe/; connect-src 'self' https://*.abcya.com https://*.admetricspro.com https://assets-abcya-com.netlify.app https://csi.gstatic.com https://dt.clnmde.com https://kinesis.us-east-1.amazonaws.com https://www.google-analytics.com https://*.media.net https://*.googlesyndication.com https://*.doubleclick.net https://*.arcademics.com wss://*.arcademics.com; font-src 'self' https://*.media.net https://d33wubrfki0l68.cloudfront.net https://fonts.gstatic.com https://*.arcademics.com; frame-src 'self' blob: https://*.admetricspro.com https://*.stripe.com https://*.abcya.com https://assets-abcya-com.netlify.app https://pxlclnmdecom-a.akamaihd.net https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com; img-src 'self' data: https://*.arcademics.com https://*.net https://*.abcya.com https://assets-abcya-com.netlify.app https://*.admetricspro.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://dt.clnmde.com https://www.googletagmanager.com https://*.doubleclick.net https://px.moatads.com https://*.googlesyndication.com https://www.google-analytics.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.kidsafeseal.com https://s02mdn.net/; media-src 'self' https://assets-abcya-com.netlify.app; object-src https://*.abcya.com https://assets-abcya-com.netlify.app; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://imasdk.googleapis.com/js/sdkloader/ima3.js https://vjs.zencdn.net/7.11.4/video.min.js https://cdnjs.cloudflare.com/ajax/libs/videojs-ima/1.10.1/videojs.ima.min.js https://cdnjs.cloudflare.com/ajax/libs/videojs-contrib-ads/6.0.0/videojs.ads.min.js https://adservice.google.com https://cdn.ampproject.org https://*.admetricspro.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://*.stripe.com https://mb.moatads.com https://pxlclnmdecom-a.akamaihd.net https://*.doubleclick.net https://*.arcademics.com https://*.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googletagservices.com https://www.gstatic.com https://z.moatads.com; style-src 'self' 'unsafe-inline' https://vjs.zencdn.net/7.11.4/video-js.css https://cdnjs.cloudflare.com/ajax/libs/videojs-contrib-ads/6.7.0/videojs.ads.css https://cdnjs.cloudflare.com/ajax/libs/videojs-ima/1.10.1/videojs.ima.css https://d33wubrfki0l68.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com; report-uri https://www.ixl.com/actions/csp/report-abcya; report-to csp-endpoint; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' d31j93rd8oukbv.cloudfront.net https://*.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.googleoptimize.com https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://*.paddle.com https://*.zopim.com https://*.zdassets.com https://browser.sentry-cdn.com https://*.ingest.sentry.io; frame-src https://www.google.com/ https://optimize.google.com https://*.paddle.com; connect-src 'self' https://d31j93rd8oukbv.cloudfront.net https://*.google-analytics.com https://*.paddle.com https://browsec.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.zdassets.com https://*.ingest.sentry.io; report-uri /api/v1/reports; 1
default-src 'self'; script-src 'self' 'sha256-6vmNTbfgubexXPiaZdcqfKCk+vKBe9cfsKsAciXQtMg=' 'sha256-r1aYSsDn5Btub+zo7XZr6P3ZhmNyYTvHf/yjmzIpxT8=' 'sha256-aqdvQaQU9tkorRhtgHldablGaB5SI/SwbLemAOKE7Yo=' 'sha256-Vxv+qm8gMYYzbp7hSMakF5Q81e7GDj/Z5HZYT4ekhho=' 'sha256-uBpmtDakUPHISUCFtaVC869LxTI53EPQREvqhqlxGVU=' 'sha256-h8bC9y2R69GO3nntfTAfOohrJdzeOS7slDdbOSULEJo=' 'sha256-isqZ0Q9pUWxBIyLN3u9Y3hy3MuWSJMoiNKT/nB5AbP8=' 'sha256-E+9KuTkZkFIuiN69g5Y/rS1KDaDR2Wsfoq7Eetly00k=' 'sha256-4A71+eBTUzk+eqeYnEVcDQgmfqADEcilqeQIAiwyPj8=' 'sha256-Ft85708B4GnIXzdTu8nxvQbyFHRn0yYy/8Sa3eDtv38=' 'sha256-IQuu99eybyUVQl8tdKPujuMVZMAtiHk2XPu15i9EH4A=' https://*.google-analytics.com/analytics.js https://cdncache-a.akamaihd.net/sub/b156ae9/98002/l.js https://www.youtube.com https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www2.osfound.org/shorten https://connect.facebook.net https://public.flourish.studio/resources/embed.js; style-src 'unsafe-inline' 'self'; object-src 'self' https://video.ted.com; base-uri 'self' https://www.youtube.com; connect-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://cdn.plyr.io https://translate.googleapis.com; font-src 'self' https: data:; frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://www.facebook.com https://player.vimeo.com https://flo.uri.sh; img-src 'self' https://i.ytimg.com https://opensocietyfoundations.imgix.net https://*.google-analytics.com https: data:; manifest-src 'self'; media-src 'self'; report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 1
default-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self' https:; object-src 'none'; img-src 'self' https: blob: data:; font-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; report-uri https://buildkite.report-uri.com/r/d/csp/reportOnly 1
script-src *.hsadspixel.net *.hs-analytics.net js.hscta.net js-eu1.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com  *.hubspot.net   *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com feedback-eu1.hubapi.com 'strict-dynamic' 'nonce-7juXtPEo2eImeCgJKTZdlQ=='; img-src *.sonatype.com no-cache.hubspot.com cdn2.hubspot.net; frame-src *.driftt.com *.twitter.com td.doubleclick.net consentcdn.cookiebot.com *.hs-sites.com *.hs-sites-eu1.com play.hubspotvideo.com play-eu1.hubspotvideo.com  *.hsforms.net *.hsforms.com; connect-src analytics.google.com *.hubapi.com js.hscta.net js-eu1.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.sonatype.com; style-src *.hsappstatic.net *.hubspotusercontent-na1.net *.typekit.net *.hubspot.net *.sonatype.com 'unsafe-inline'; 1
default-src 'self'; script-src 'report-sample' 'self' https://cdnjs.cloudflare.com/ajax/libs/ace/1.1.3/ace.js https://connect.facebook.net/en_US/fbevents.js https://js.intercomcdn.com/vendor-modern.7a9ca9be.js https://prod.hackster-cdn.online/assets/application-7646f60bfdb0e6b6444bf77de6184bed59f1689ab2c45fc12ffa98978edc7dbe.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://widget.intercom.io/widget/l4h7orei https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js; style-src 'report-sample' 'self' https://prod.hackster-cdn.online; object-src 'none'; base-uri 'self'; connect-src 'self' https://7yqjt9bhux-dsn.algolia.net https://analytics.google.com https://api-iam.intercom.io https://api.hackster.io https://o4506440451424256.ingest.sentry.io https://ohm-dot-hackster-io.appspot.com https://prod.hackster-cdn.online https://px.ads.linkedin.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://nexus-websocket-a.intercom.io; font-src 'self' https://prod.hackster-cdn.online; frame-src 'self' https://www.google.com https://www.youtube.com; img-src 'self' data: https://graph.facebook.com https://gravatar.com https://hackster.imgix.net https://i.ytimg.com https://lh3.googleusercontent.com https://prod.hackster-cdn.online https://px.ads.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.newark.com; manifest-src 'self' https://prod.hackster-cdn.online; media-src 'self' https://hackster.imgix.net; report-uri https://6620045c077c1adc81b63f22.endpoint.csper.io/?v=2; worker-src blob:; 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';report-uri /csp.php 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; media-src 'self' https: blob:; object-src https: blob:; worker-src 'self' https: blob:; frame-src 'self' https: blob:; form-action 'self' https:; block-all-mixed-content 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: eb2.3lift.com cdn.cookielaw.org *.voegol.com.br *.adnxs.com www.dwin1.com cdn.amplitude.com secure.afilio.com.br static.zdassets.com sync.1rx.io bat.bing.com i.liadm.com s3-sa-east-1.amazonaws.com sdk.inbenta.io *.doubleclick.net *.uol.com.br *.onetrust.com *.clarity.ms criteo-sync.teads.tv *.pinterest.com event.getblue.io *.outbrain.com *.qualtrics.com us.creativecdn.com exchange.mediavine.com visitor.omnitagjs.com *.salesforce.com unpkg.com ekr.zdassets.com c.bing.com www.google.com.br analytics.google.com rs.fullstory.com edge.fullstory.com *.tiktok.com api.lab.amplitude.com *.rubiconproject.com cdn.jsdelivr.net criteo-partners.tremorhub.com ad.360yield.com *.taboola.com vlibras.gov.br sync-criteo.ads.yieldmo.com *.smartadserver.com jadserve.postrelease.com tm.jsuol.com.br www.googletagmanager.com maxcdn.bootstrapcdn.com *.bidswitch.net match.sharethrough.com tags.creativecdn.com contextual.media.net ads.stickyadstv.com www.google.com trends.revcontent.com *.pinimg.com *.criteo.com api2.amplitude.com *.casalemedia.com ade.clmbtech.com *.dynatrace.com cdn.inbenta.io e1.emxdgt.com *.pubmatic.com widget.getblue.io adservice.google.com mastertag.roundler.com.br s.ad.smaato.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
frame-ancestors 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action https://www.facebook.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://store.plumrocket.com www.paycomet.com api.paycomet.com 'self' 'unsafe-inline'; frame-src http://fast.amc.demdex.net https://www.youtube.com https://www.facebook.com https://app3.salesmanago.pl https://10138016.fls.doubleclick.net https://insight.adsrvr.org https://td.doubleclick.net fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://store.plumrocket.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; connect-src https://dpm.demdex.net http://dpm.demdex.net https://www.paypal.com https://eu1-search.doofinder.com https://shops-si.trustedshops.com https://api.trustedshops.com https://trustbadge.api.etrusted.com https://storytech.io https://analytics.tiktok.com https://region1.analytics.google.com https://vc-service.saleago.com https://api.swogo.net https://content.syndigo.com https://tracking.swogo.net https://www.google.com https://bat.bing.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.doofinder.com wss://*.doofinder.com instantcredit.net *.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co *.target2sell.com 'self' 'unsafe-inline'; img-src data: http://cm.everesttech.net http://amcglobal.sc.omtrdc.net https://asistentecosmeticatest1.herokuapp.com https://ad.doubleclick.net https://p1.zemanta.com https://www.storytech.io https://cdnstory.com https://insight.adsrvr.org https://www.druni.es https://event.syndigo.cloud https://ui.swogo.net https://googleads.g.doubleclick.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.google.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com 'self' data: data: 'self' 'unsafe-inline'; font-src http://widgets.trustedshops.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://asistentecosmeticatest1.herokuapp.com instantcredit.net test.instantcredit.net maxcdn.bootstrapcdn.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; style-src http://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://asistentecosmeticatest1.herokuapp.com https://storytech.io *.adobe.com *.doofinder.com instantcredit.net test.instantcredit.net maxcdn.bootstrapcdn.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; script-src http://widgets.trustedshops.com http://www.gstatic.com http://www.google.com https://www.googletagmanager.com https://www.dwin1.com https://eu1-search.doofinder.com https://cdn.doofinder.com https://asistentecosmeticatest1.herokuapp.com https://cdnjs.cloudflare.com/ https://ui.swogo.net https://analytics.tiktok.com https://storytech.io https://bucket.cdnwebcloud.com https://js.adsrvr.org https://js-tag.zemanta.com https://content.syndigo.com https://ct.pinterest.com https://fonts.googleapis.com assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com https://sandbox.sequracdn.com https://live.sequracdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googletagmanager.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.google.com *.gstatic.com *.target2sell.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; script-src 'nonce-4L9UWI17IzSgRwKZddrDbQ==' 'strict-dynamic' https: 'unsafe-inline'; style-src 'self' 'unsafe-inline' blob: https://app.getbeamer.com https://assets.openlearning.com https://*.ssl.cf4.rackcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.openlearning.com https://oluploadslive.blob.core.windows.net https://front-us-rest.ably.io https://api.amplitude.com https://api.hubapi.com https://api.hubspot.com https://api.ipify.org https://backend.getbeamer.com https://chat.frontapp.com https://www.facebook.com https://find.userpilot.io https://forms.hubspot.com https://iframe.ly https://in.hotjar.com https://learningtime.servicebus.windows.net https://pythonutilityfunctions.azurewebsites.net https://sentry.io https://stats.g.doubleclick.net https://us-west-1-chat-server.frontapp.com https://vc.hotjar.io https://www.google-analytics.com https://pagead2.googlesyndication.com https://static.userguiding.com https://metrics.userguiding.com wss://analytex.userpilot.io wss://front-us-realtime.ably.io wss://*.openlearning.com; font-src 'self' data: https://*.ssl.cf4.rackcdn.com https://assets.openlearning.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https:; img-src 'self' data: blob: https:; manifest-src 'self' https://*.ssl.cf4.rackcdn.com; media-src 'self' https://dev-uploads.openlearning.com https://uploads.openlearning.com https://qencode.blob.core.windows.net; worker-src 'none'; child-src blob:; 1
frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.drmax-gl.dev *.drmax-gl.space *.drmax-ro.space *.drmax.net *.drmax.ro *.drmax.zone *.drmax-gl.live *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.sentry.io *.twitter.com ams.creativecdn.com api.luigisbox.com attr-2p.com bam.eu01.nr-data.net bat.bing.com cdn.jsdelivr.net cdn.speedcurve.com cdn-4.convertexperiments.com cdnjs.cloudflare.com cdp.drmax.meiro.io cdp.drmaxro.meiro.io consent.cookiebot.com consentcdn.cookiebot.com dtm-dre.platform.hicloud.com event.2performant.com fledge-eu.creativecdn.com fonts.gstatic.com googleads.g.doubleclick.net image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space insights.algolia.io js-agent.newrelic.com measurement-api.criteo.com pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space rtp.persoo.ai s.yimg.com s.yimg.com scripts.persoo.cz search-service.drmax-gl.space static.cloudflareinsights.com stats.g.doubleclick.net t.profitshare.ro tags.creativecdn.com td.doubleclick.net tpc.googlesyndication.com unpkg.com www.googleadservices.com/pagea www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com ; report-to csp-endpoint; report-uri /_cspreports; img-src * data:; 1
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 1
script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' app.contentsquare.com t.contentsquare.net *.heapanalytics.com *.2mdn.net *.33across.com *.acexchange.co.kr *.ad-generation.jp *.adagio.io *.addthis.com *.addthisedge.com *.adform.com *.adiiix.com *.adingo.jp *.admanmedia.com *.admixer.com *.admixer.net *.adtech.com *.adtiming.com *.advangelists.com *.advertising.com *.adyoulike.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.amxrtb.com *.aniview.com *.aol.com *.appnexus.com *.aps.amazon.com *.aralego.com *.avantisvideo.com *.axonix.com *.beachfront.com *.behave.com *.betweendigital.com *.bidmachine.io *.bidstreammedia.com *.bidtellect.com *.bing.com *.blis.com *.braintreegateway.com *.brid.tv *.brightcove.com *.brightcove.net *.chocolateplatform.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.consumable.com *.contextweb.com *.conversantmedia.com *.crazyegg.com *.criteo.com *.criteo.net *.districtm.io *.doubleclick.net *.doubleverify.com *.e-planning.net *.e-volution.ai *.emxdgt.com *.engagebdr.com *.eskimi.com *.exponential.com *.facebook.com *.facebook.net *.fastclick.net *.freewheel.tv *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.id5-sync.com *.improvedigital.com *.indexexchange.com *.infolinks.com *.inmobi.com *.inskinmedia.com *.instagram.com *.insticator.com *.jquery.com *.kargo.com *.launchdarkly.com *.lemmatechnologies.com *.lijit.com *.lkqd.com *.lkqd.net *.logan.ai *.loopme.com *.marketo.net *.media.net *.mediago.io *.mediatradecraft.com *.moatads.com *.mobfox.com *.mobileadtrading.com *.my.com *.my6sense.com *.narrativ.com *.nativo.com *.newrelic.com *.nr-data.net *.ogury.com *.onetag.com *.openexchangerates.org *.openx.com *.outbrain.com *.playbuzz.com *.pokkt.com *.prodooh.com *.proper.io *.pubmatic.com *.pubnative.net *.px-cdn.net *.quantcount.com *.quantserve.com *.realself.com *.revcontent.com *.rhythmone.com *.richaudience.com *.risecodes.com *.rlcdn.com *.rsdev.co *.rubiconproject.com *.s-onetag.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartyads.com *.snapengage.com *.somoaudience.com *.sonobi.com *.sovrn.com *.speedcurve.com *.spotx.tv *.spotxchange.com *.springserve.com *.ssp.e-volution.ai *.ssp.logan.ai *.stackadapt.com *.synacor.com *.target.my.com *.teads.tv *.telaria.com *.themediagrid.com *.tremorhub.com *.tribalfusion.com *.triplelift.com *.typekit.net *.ucfunnel.com *.undertone.com *.unrulymedia.com *.vdopia.com *.velismedia.com *.verve.com *.video.unrulymedia.com *.vidoomy.com *.yahoo.com *.yieldmo.com *.zencdn.net btloader.com openexchangerates.org blob:; worker-src 'self' blob:; frame-ancestors *; form-action *; report-uri https://api.realself.com/v1/rs-csp-sc/csp-info; report-to security-report 1
object-src 'none';base-uri 'self';script-src 'nonce-HuR-C0GmgdgN-1cW6rYlPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com http2.mlstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com mldp.mercadopago.com www.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolivre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.online-metrix.net *.groovinads.com *.g.doubleclick.net *.clarity.ms *.bing.com *.google.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.braindw.com *.mlstatic.com http2.mlstatic.com secure.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://live.decidir.com i.k-analytix.com rum-static.pingdom.net live.decidir.com *.newrelic.com bam-cell.nr-data.net https://api.wcx.cloud https://static-s.braindw.com https://f.wcentrix.com https://ads01.groovinads.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://googleads.g.doubleclick.net *.groovinads.com *.online-metrix.net *.bing.com *.clarity.ms *.cloudfront.net *.force.com *.la1-core1.sfdc-lywfpd.salesforceliveagent.com *.varify.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com http2.mlstatic.com *.force.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.braindw.com *.mercadopago.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://developers.decidir.com/ *.google-analytics.com i.konduto.com rum-collector-2.pingdom.net *.mercadolibre.com.ar *.decidir.com bam-cell.nr-data.net https://stats.g.doubleclick.net https://s.braindw.com https://a.braindw.com https://api.wcx.cloud https://f.wcentrix.com *.g.doubleclick.net *.nr-data.net *.clarity.ms *.online-metrix.net *.varify.io *.bing.com *.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'unsafe-inline' 'unsafe-eval';font-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; child-src * 'unsafe-inline' blob:; worker-src * 'unsafe-inline' blob:; img-src * data: blob: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * blob:; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com mdbootstrap.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self'  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maxcdn.bootstrapcdn.com mdbootstrap.com use.fontawesome.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
default-src https: wss: 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 1
font-src 'self' https://cdn.fonts.net https://fonts.gstatic.com https://rsms.me; img-src 'self' data: https://shielded.co.nz https://maps.gstatic.com https://maps.googleapis.com https://prod.studentchat.info https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://px.ads.linkedin.com https://t.co https://tracking.monsido.com https://www.facebook.com https://www.google.co.nz https://www.googletagmanager.com https://www.linkedin.com https://d10lpsik1i8c69.cloudfront.net; 1
img-src https: data:; connect-src https:; report-uri https://csp-reports.yesware.com/new 1
object-src 'none';base-uri 'self';script-src 'nonce-Em58Uocly1GROXwOWKc6mg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/abc_xyz 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-sOTkjcp/V7HCTRd1eIn+Tw==' 1
default-src 'self' adobedtm.com *.adobedtm.com adroll.com *.adroll.com ads-twitter.com *.ads-twitter.com afterpay.com *.afterpay.com apxprogrammatic.com *.apxprogrammatic.com bazaarvoice.com *.bazaarvoice.com bing.com *.bing.com boldchat.com *.boldchat.com braintree-api.com *.braintree-api.com braintreegateway.com *.braintreegateway.com brcdn.com *.brcdn.com cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org demdex.net *.demdex.net dotomi.com *.dotomi.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net fullstory.com *.fullstory.com genpt.com *.genpt.com google-analytics.com *.google-analytics.com google.ca *.google.ca google.com *.google.com googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com fonts.gstatic.com iesnare.com *.iesnare.com jst.ai *.jst.ai klaviyo.com *.klaviyo.com livechatinc.com *.livechatinc.com maps.googleapis.com *.maps.googleapis.com maxmind.com *.maxmind.com micpn.com *.micpn.com mmapiws.com *.mmapiws.com napaonline.com *.napaonline.com netmng.com *.netmng.com newrelic.com *.newrelic.com nr-data.net *.nr-data.net omtrdc.net *.omtrdc.net onetrust.com *.onetrust.com paypal.com *.paypal.com paypalobjects.com *.paypalobjects.com pinterest.com *.pinterest.com rakuten.com *.rakuten.com repairpal.com *.repairpal.com rfihub.net *.rfihub.net scene7.com *.scene7.com sentry-cdn.com *.sentry-cdn.com signifyd.com *.signifyd.com skyword.com *.skyword.com smartystreets.com *.smartystreets.com twitter.com *.twitter.com vibescm.com *.vibescm.com vimeo.com *.vimeo.com wp.com *.wp.com youtube.com *.youtube.com localhost *.localhost; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=FH4VwJl_ObdN8O0CZ2QG7xaFvBCI1v22l_AWc1vX3zY-1721956729-1.0.1.1-AzJleT3yjc1tHXWZMjkG67X.j_PGzzOtOSHqC8TgeFiPxh0BD2Ba1Gtil6Bktd0Wg0gUaYy0LhawgZXTLbmI5IQfMM5RuJ8kx9nckOyZ6dnxsz5iUfN0eg21ajU5mi6Ts3oVrC8UkT5vtDsbpna6eZ95iLPiZOX8J4FtxaiREfGyOidlnbx2d5PB9SnvY7xAChP.FmOcuYlolRnQVqoq2w; report-to cf-riiknqmrkktxllal 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: edge.fullstory.com www.googletagmanager.com harmonyenroll.coloniallife.com translate.google.com *.googleapis.com *.employeenavigator.com www.google-analytics.com *.gstatic.com www.google.com employeenavigator.com ekr.zdassets.com *.vimeo.com *.zopim.com cdnjs.cloudflare.com gitcdn.github.io web-sdk.aptrinsic.com www.youtube.com rs.fullstory.com static.zdassets.com *.zendesk.com cdn.jsdelivr.net js.braintreegateway.com harmonyconnect.coloniallife.com code.jquery.com esp.aptrinsic.com *.sentry.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' https:; base-uri https://www.elysee.fr; block-all-mixed-content; child-src *; font-src 'self' data: https://fonts.gstatic.com https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr; form-action 'self'; frame-ancestors 'none'; img-src https://stats.g.doubleclick.net data: https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr https://captcha.liveidentity.com; plugin-types video/*; script-src 'unsafe-inline' https://www.elysee.fr https://isho.elysee.fr https://admin.elysee.fr https://www.elysee.fr; style-src https://fonts.googleapis.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleusercontent.com google.com md-scp.kampyle.com *.googleapis.com browser.sentry-cdn.com *.facebook.com tags.tiqcdn.com *.doubleclick.net analytics.aklamio.com livechat-static-vf-es.brandembassy.com *.vodafone.es static.whisbi.com *.outbrain.com ws.walmeric.com www.google.com t.co *.gstatic.com *.tealiumiq.com cdn.cookielaw.org www.google.nl wss://chat-gateway-vf-es.brandembassy.com channels-vf-es.brandembassy.com sp.analytics.yahoo.com *.googlesyndication.com *.onetrust.com sonata.aklamio.com *.adform.net nebula-cdn.kampyle.com *.twitter.com udc-neb.kampyle.com www.google.de *.eloqua.com *.facebook.net api.empathy.co *.tiktok.com *.ampproject.org www.google.com.pe *.omtrdc.net metrics.hotjar.io www.vodafone.esundefined img.en25.com bat.bing.com *.googleadservices.com api.aklamio.com www.google.ie app.glitchtip.com *.vodafone.com s.yimg.com ikaue-xpa-gateway-79cv1gog.wm.gateway.dev 3qas14kvni.execute-api.eu-central-1.amazonaws.com *.fastly.net *.demdex.net www.google.es www.googletagmanager.com adservice.google.com content.hotjar.io server.seadform.net *.hotjar.com t.womtp.com maps.google.com globalsiteanalytics.com www.google.com.co *.pinterest.com *.pinimg.com livechat-loader-vf-es.brandembassy.com *.ads-twitter.com vc.hotjar.io x.empathy.co awseurm.whisbi.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-FWFQgfxi5BdY3JDtmOCgbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *; media-src 'self' * data: ; font-src 'self' * data: ; img-src 'self' data: blob: *; script-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' *; worker-src 'self' * blob: ; report-uri /api/csp-violation 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://footwearnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.hotjar.com *.doubleclick.net *.2o7.net analytics.google.com rules.quantcount.com *.omtrdc.net *.facebook.com *.googleapis.com *.licdn.com www.googletagmanager.com *.gstatic.com secure.quantserve.com *.linkedin.com assets.adobedtm.com www.google.com *.onetrust.com cdn.jsdelivr.net *.demdex.net *.everesttech.net *.facebook.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src 'self' 'strict-dynamic' 'unsafe-eval' 'nonce-ff220c0886d447cf456133d9ae9bd63c' https://capital.com; img-src https://capital.com/ 'self' https://capital.com https://static.capital.com https://t.co https://analytics.twitter.com https://i.ytimg.com https://www.facebook.com https://i3.ytimg.com data: https://googletagmanager.com https://tagmanager.google.com https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://www.tradingview.com https://img.youtube.com https://lh7-us.googleusercontent.com https://lh5.googleusercontent.com https://fonts.gstatic.com https://ad.doubleclick.net https://bat.bing.com https://ade.googlesyndication.com https://capital.zendesk.com/ https://capital1640772205.zendesk.com/ https://www.google.com https://www.google.pl https://cdn.cookielaw.org https://lh6.googleusercontent.com https://s3.eu-west-1.amazonaws.com https://s3.tradingview.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://img.capital.com/ *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; font-src https://capital.com/ https://api.backend-capital.com/proxy 'self' https://clts-e170.cc https://fonts.gstatic.com https://static.capital.com https://datavis.capital.com https://s3.eu-west-1.amazonaws.com https://cdn.trustpilot.net http://themes.googleusercontent.com data: https://img.capital.com/; style-src https://capital.com/ https://api.backend-capital.com/proxy 'self' 'unsafe-inline' https://accounts.google.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://static.capital.com https://s3.eu-west-1.amazonaws.com https://img.capital.com/; frame-src https://capital.com/ https://api.backend-capital.com/proxy 'self' https://td.doubleclick.net https://www.youtube.com https://insight.adsrvr.org https://track.adform.net https://8280983.fls.doubleclick.net https://accounts.google.com https://www.google.com https://match.adsrvr.org https://static.capital.com https://aax-eu.amazon-adsystem.com https://if-cdn.com https://mozbar.moz.com https://platform.twitter.com https://img.capital.com/; connect-src https://capital.com/ https://api.backend-capital.com/proxy 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://lh3.googleusercontent.com https://www.google-analytics.com https://analytics.tiktok.com https://region1.google-analytics.com https://www.facebook.com https://accounts.google.com https://api-adapter.backend-capital.com https://ara.paa-reporting-advertising.amazon https://aax-eu.amazon-adsystem.com https://pagead2.googlesyndication.com https://ekr.zdassets.com https://capital.zendesk.com/ https://capital1640772205.zendesk.com/ wss://api.smooch.io https://static.capital.com https://wa.appsflyer.com https://evnt.byspotify.com https://www.google.pl https://region1.analytics.google.com https://analytics.google.com https://googleads.g.doubleclick.net https://script.crazyegg.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://www.google.com https://tk.amazon-adsystem.com https://bat.bing.com https://pubads.g.doubleclick.net https://tr.snapchat.com https://wa.onelink.me https://graph.facebook.com https://stats.g.doubleclick.net https://clts-e170.cc https://go.capital.com https://cookie-cdn.cookiepro.com https://cdn-au.onetrust.com https://cdn-ukwest.onetrust.com https://ad.doubleclick.net https://www.googletagmanager.com https://adservice.google.com https://www.redditstatic.com https://pixel-config.reddit.com https://o306080.ingest.us.sentry.io https://img.capital.com/ wss://api.backend-capital.com https://api.backend-capital.com https://tradingview.backend-capital.com https://api-website.capital.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src https://capital.com/ 'self' https://trade.capital.com https://static.zdassets.com https://static.capital.com https://ssl.gstatic.com; default-src https://capital.com/ 'self' https://static.capital.com; report-to csp-endpoint; 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::APROD_3_9_0 1
script-src 'unsafe-eval' 'unsafe-inline' https: 'nonce-d081840272dd91d176ff0e38' 'strict-dynamic' 'report-sample'  https://*.criteo.com https://static.criteo.net  https://*.facebook.com https://connect.facebook.net  https://*.hotjar.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com songbird.cardinalcommerce.com *.googletagmanager.com ; worker-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; report-uri https://csp.tourradar.com 1
font-src *.fontawesome.com static.lipscore.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.survicate.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.googletagmanager.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.cookiebot.com *.doubleclick.net *.facebook.com *.optimizely.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com static.lipscore.com blob: https://images.unsplash.com *.airthings.com *.hubspot.com *.hsforms.com *.cookiebot.com *.bing.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com static.lipscore.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.segment.com *.hubspot.com *.segmentapis.com *.hscollectedforms.net *.intercom.io *.cookiebot.com *.hs-scripts.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.survicate.com *.intercomcdn.com *.hsleadflows.net *.googlesyndication.com *.jquery.com *.adobedtm.com *.bing.com *.optimizely.com *.hotjar.com *.hubspotusercontent-na1.net *.hubspotusercontent-eu1.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com display.ugc.bazaarvoice.com static.lipscore.com maxcdn.bootstrapcdn.com *.survicate.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net wapi.lipscore.com users.lipscore.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.cookiebot.com *.airthings.com *.googlesyndication.com *.segment.com *.hubspot.com *.segmentapis.com *.hscollectedforms.net *.intercom.io wss://nexus-websocket-a.intercom.io *.hubapi.com *.google.com google.com *.bing.com *.doubleclick.net *.survicate.com *.optimizely.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 1
report-to default; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.chatcora.natwest.com  *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1
script-src-elem 'self' *.edpuzzle.com *.edpuzzle.dev 'unsafe-inline' 'unsafe-eval' latex.codecogs.com service.mtcaptcha.com service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com lh3.googleusercontent.com accounts.google.com/gsi/style www.googletagmanager.com *.youtube.com www.youtube.com *.ytimg.com *.soundcloud.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com *.awswaf.com *.us-east-1.token.awswaf.com *.us-east-1.sdk.awswaf.com *.appcues.com login.microsoftonline.com *.codecogs.com;script-src-attr 'self' *.edpuzzle.com *.edpuzzle.dev 'unsafe-inline' 'unsafe-eval' latex.codecogs.com service.mtcaptcha.com service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com lh3.googleusercontent.com accounts.google.com/gsi/style www.googletagmanager.com *.youtube.com www.youtube.com *.ytimg.com *.soundcloud.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com *.awswaf.com *.us-east-1.token.awswaf.com *.us-east-1.sdk.awswaf.com *.appcues.com login.microsoftonline.com *.codecogs.com;script-src 'self' *.edpuzzle.com *.edpuzzle.dev 'unsafe-inline' 'unsafe-eval' latex.codecogs.com service.mtcaptcha.com service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com lh3.googleusercontent.com accounts.google.com/gsi/style www.googletagmanager.com *.youtube.com www.youtube.com *.ytimg.com *.soundcloud.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com *.awswaf.com *.us-east-1.token.awswaf.com *.us-east-1.sdk.awswaf.com *.appcues.com login.microsoftonline.com *.codecogs.com;connect-src 'self' *.edpuzzle.com *.edpuzzle.dev edpuzzle.imgix.net *.us-east-1.token.awswaf.com *.nr-data.net *.mxpnl.com *.mixpanel.com *.google-analytics.com *.googleapis.com accounts.google.com login.microsoftonline.com wss://5uj9b5geqb.execute-api.us-east-1.amazonaws.com wss://5k3vufy1vh.execute-api.us-east-1.amazonaws.com wss://api.appcues.net *.appcues.com audio-uploads-us-standard.s3.amazonaws.com uploaded-profile-images-us-standard.s3.amazonaws.com test-audio-uploads-us-standard.s3.amazonaws.com test-uploaded-profile-images.s3.amazonaws.com res.cdn.office.net video-uploads-us-standard.s3.amazonaws.com test-video-uploads-us-standard.s3.amazonaws.com uploaded-images-us-standard.s3.amazonaws.com test-uploaded-images-dev-us-standard.s3.amazonaws.com vimeo.com;frame-ancestors 'self';frame-src *;img-src * 'self' data: blob:;style-src * 'unsafe-inline' 'self';media-src * 'self' blob:;report-uri /api/v3/violations/csp;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self' *.instructure.com *.edu;object-src 'none';upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-m3QnkPZXHZ7P9CTQSkPZ5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' media1.jpc.de www.jpc.de; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; script-src 'self' media1.jpc.de www.jpc.de 'nonce-RNicScahbl3OVapw/Roh8TK9TsoryHKmcq7tvKeeYuQXsZPZ5ajAb/nXFN6DXm1VddiWp0M10U0WMT4p62MFVw==' 'report-sample'; style-src 'self' media1.jpc.de www.jpc.de 'report-sample' 'unsafe-inline'; font-src 'self' media1.jpc.de www.jpc.de; img-src 'self' media1.jpc.de www.jpc.de data:; connect-src 'self' media1.jpc.de www.jpc.de https://use.jpc.de; report-uri /csp/; report-to csp-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.privacy-mgmt.com maps.googleapis.com www.news.co.uk uk-script.dotmetrics.net *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdn.privacy-mgmt.com *.tiqcdn.com unpkg.com uk-script.dotmetrics.net *.scorecardresearch.com *.google-analytics.com *.googletagmanager.com *.brightcove.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com fonts.googleapis.com use.typekit.net maps.google.com unpkg.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.scorecardresearch.com *.news.co.uk www.news.co.uk *.dotmetrics.net newsuk.s3.amazonaws.com *.google.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.youtube.com *.vimeo.com *.brightcove.com cdn.privacy-mgmt.com; report-uri https://www.news.co.uk?gdsih-csp-report; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com cdn.pagesense.io *.onetrust.com portal.deltadental.com cdn.mouseflow.com www.google.com *.gstatic.com locationapi.cdn.pagesense.io www.googletagmanager.com cdn.cookielaw.org *.zoho.com www.deltadental.com support.deltadental.com rum.browser-intake-datadoghq.com static.zohocdn.com o2.mouseflow.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com *.googleapis.com service4.us.incognia.com wa.onelink.me ze.delivery events.split.io *.tiktok.com www.ze.delivery www.google.com.br web-sdk-cdn.singular.net t.tailtarget.com service2.us.incognia.com *.typeform.com cdn.cookielaw.org *.facebook.com api.segment.io *.doubleclick.net *.onetrust.com tt-10943-6.seg.t.tailtarget.com *.hotjar.com *.facebook.net tags.w55c.net sdk.split.io streaming.split.io analytics.google.com auth.split.io api.ze.delivery wa.appsflyer.com websdk.appsflyer.com b.t.tailtarget.com www.googletagmanager.com d.tailtarget.com adservice.google.com cdn.segment.com vc.hotjar.io *.googleadservices.com *.mathtag.com *.imgix.net tags.t.tailtarget.com wss://conn-check.incognia.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-bHkK7TdseI-wpSwVmJ8kBg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.sensibull.com https://kite.zerodha.com; report-uri https://7eae552da389ebb083bedadbd9428ed2.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'nonce-cacea9618f2907a81d4c24736f740365c43f44a9da9bbc1d291faab6f8f095cc' https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.clearbitjs.com https://*.licdn.com http://*.facebook.net https://*.adroll.com https://*.crazyegg.com https://www.clarity.ms http://*.bing.com https://*.bing.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.sa-as.com https://*.cloudfront.net https://www.redditstatic.com; script-src-elem 'self' 'nonce-cacea9618f2907a81d4c24736f740365c43f44a9da9bbc1d291faab6f8f095cc' http://static.ads-twitter.com https://sc.lfeeder.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://tagmanager.google.com https://www.googletagmanager.com https://*.clearbitjs.com https://*.licdn.com http://*.facebook.net https://*.adroll.com https://*.crazyegg.com https://www.clarity.ms http://*.bing.com https://*.bing.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.sa-as.com https://*.cloudfront.net https://www.redditstatic.com; img-src 'self' 'nonce-cacea9618f2907a81d4c24736f740365c43f44a9da9bbc1d291faab6f8f095cc' https://www.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://*.google.com https://*.clearbitjs.com https://*.hsforms.net https://*.adsymptotic.com https://*.linkedin.com https://*.lfeeder.com https://*.cloudfront.net https://track.hubspot.com https://q.quora.com https://*.sa-as.com https://*.reddit.com https://*.bing.com; connect-src 'self' 'nonce-cacea9618f2907a81d4c24736f740365c43f44a9da9bbc1d291faab6f8f095cc' https://cs.lf-discover.com wss://visitors.live wss://in.visitors.live https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.leadinfo.net https://d.adroll.com https://*.clarity.ms https://*.crazyegg.com https://*.luckyorange.net https://*.hubapi.com https://*.hubspot.com https://*.hsforms.com https://minio.ghost.io; style-src 'self' 'nonce-cacea9618f2907a81d4c24736f740365c43f44a9da9bbc1d291faab6f8f095cc' https://*.cloudfront.net http://bat.bing.com https://bat.bing.com https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' 'nonce-cacea9618f2907a81d4c24736f740365c43f44a9da9bbc1d291faab6f8f095cc' https://fonts.gstatic.com; object-src 'none'; media-src 'self' 'nonce-cacea9618f2907a81d4c24736f740365c43f44a9da9bbc1d291faab6f8f095cc' https://*.cloudfront.net; frame-src 'self' 'nonce-cacea9618f2907a81d4c24736f740365c43f44a9da9bbc1d291faab6f8f095cc' https://bid.g.doubleclick.net https://www.google.com/ https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.ioframe-ancestors 'self' https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.io 1
frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://5b99b19026a35ad04db5bcf778a03938.report-uri.com/r/d/csp/reportOnly 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://js.adsrvr.org https://connect.facebook.net https://siteimproveanalytics.com https://static.ads-twitter.com https://cdn.taboola.com https://trc.taboola.com https://psb.taboola.com https://snap.licdn.com https://munchkin.marketo.net https://widget.tagembed.com https://cdn.theaccessplatform.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://cdn.tagembed.com;object-src 'none';base-uri 'self';connect-src 'self' https://delivery-cqucontenthub.stylelabs.cloud https://fb.cqu.edu.au https://www-search.cqu.edu.au https://dxp-au-search.funnelback.squiz.cloud https://www.google-analytics.com https://analytics.google.com https://www.google.com.au https://google.com https://www.googletagmanager.com https://www.google.com https://adservice.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://pips.taboola.com https://cds.taboola.com https://622-hhc-246.mktoresp.com https://622-hhc-246.mktoutil.com https://www.facebook.com https://trc-events.taboola.com https://s3.us-west-1.wasabisys.com wss://ws.hotjar.com https://content.hotjar.io https://vc.hotjar.io https://psb.taboola.com https://api.theaccessplatform.com https://munchkin.marketo.net https://api.intentiq.com https://cdn.taboola.com;font-src 'self' data https://fonts.gstatic.com https://use.typekit.net https://cdn.theaccessplatform.com;frame-src 'self' https://insight.adsrvr.org https://9389440.fls.doubleclick.net https://www.youtube.com https://td.doubleclick.net https://www.facebook.com https://platform.twitter.com https://match.adsrvr.org https://tsdtocl.com;img-src 'self' https://staff-profiles.cqu.edu.au https://delivery-cqucontenthub.stylelabs.cloud https://www.google-analytics.com https://www.google.com.au https://www.google.com https://www.googletagmanager.com https://www.google.com.co https://www.google.com.pe https://www.google.com.bd https://www.google.co.in https://www.google.com.ng https://www.google.com.np https://www.google.lk https://googleads.g.doubleclick.net https://analytics.twitter.com https://px.ads.linkedin.com https://www.facebook.com https://78858.global.siteimproveanalytics.io https://t.co https://www.linkedin.com https://i.ytimg.com https://aumejtoqen.cloudimg.io https://ui-avatars.com https://fs.theambassadorplatform.com https://sync.intentiq.com https://cdn.taboola.com;manifest-src 'self';media-src 'self' https://delivery-cqucontenthub.stylelabs.cloud;worker-src 'none';report-uri https://wwwcqu.report-uri.com/r/d/csp/reportOnly; 1
frame-ancestors 'self' https://*.mastercontrol.com mastercontrol.service-now.com; object-src 'none'; form-action 'self' https://*.mastercontrol.com *.rise.com *.service-now.com mastercontrol.influitive.com gateway.zscloud.net mastercontrol.uservoice.com https://*.facebook.com https://connect.facebook.net; base-uri 'self' https://*.mastercontrol.com https://*.clarity.ms; report-uri https://reportcsp.azurewebsites.net/api/CSPViolation 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-web.zinio.com https://js-agent.newrelic.com https://*.nr-data.net https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.paypal.com https://www.paypalobjects.com https://*.braintreegateway.com https://*.cardinalcommerce.com https://www.googletagmanager.com https://www.google-analytics.com https://zinio-sjc.gravityrd-services.com https://*.zopim.com https://static.zdassets.com https://d1fc8wv8zag5ca.cloudfront.net/2.10.2/sp.js https://cdn.jsdelivr.net https://recaptcha.net https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com;style-src 'self' 'unsafe-inline' https://*.audiencemedia.com data:;img-src 'self' data: blob: https://*.ziniopro.com https://*.audiencemedia.com https://googleads.g.doubleclick.net https://www.google.com https://*.paypal.com https://*.braintreegateway.com https://v2assets.zopim.io https://discover.zinio.com https://sleeknotestaticcontent.sleeknote.com https://analytics.sleeknote.com https://www.google-analytics.com https://www.facebook.com https://www.googletagmanager.com;media-src 'self' https://static.zdassets.com;connect-src 'self' https://*.audiencemedia.com https://*.ziniopro.com https://*.nr-data.net https://googleads.g.doubleclick.net https://adservice.google.com https://cdn.jsdelivr.net https://*.braintree-api.com https://*.braintreegateway.com https://*.cardinalcommerce.com https://www.paypal.com https://ekr.zdassets.com https://zinio.zendesk.com wss://widget-mediator.zopim.com wss://zinio.zendesk.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://collector.datacloud.zinio.com https://www.facebook.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://images.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://sleeknotecustomerscripts.sleeknote.com;font-src 'self' https://*.audiencemedia.com https://fonts.gstatic.com https://sleeknotestaticcontent.sleeknote.com;frame-src 'self' https://td.doubleclick.net https://*.paypal.com https://*.braintreegateway.com https://recaptcha.net https://www.facebook.com https://web.facebook.com https://*.sleeknote.com;frame-ancestors none 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://us1.siteimprove.com https://siteimproveanalytics.com/ https://cdn.jsdelivr.net https://snap.licdn.com https://use.typekit.net https://www.instagram.com https://tag.demandbase.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://www.tintup.com; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://us1.siteimprove.com https://siteimproveanalytics.com/ https://cdn.jsdelivr.net https://snap.licdn.com https://use.typekit.net https://www.instagram.com https://tag.demandbase.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://www.tintup.com; report-to default; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com cdn.cookielaw.org *.everesttech.net c.evidon.com l.evidon.com somni.serve.com *.omtrdc.net assets.adobedtm.com www.serve.com *.onetrust.com *.demdex.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-Sg5ZSXy_hKiwRFS4Eo3cnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-fGQq473O-IGEepLx8byZBg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-uri https://www.kidspot.com.au/csp-reports 1
connect-src 'self' https://status.netservicesgroup.com https://www.google-analytics.com; default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com http://www.trustlogo.com/; frame-src https://www.google.com https://status.netservicesgroup.com; child-src https://status.netservicesgroup.com https://www.google.com https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://status.netservicesgroup.com 'sha256-zL+zKXgt2515GaHwEfkV8QPRfZZcGr/ibUw4EJ3V13s=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-Pkt8j98M46glrPDzrqR9I9gac/h2nvberIdQkhIGySk=' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://secure.trust-provider.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://www.google.com https://www.gstatic.com https://secure.trust-provider.com http://www.trustlogo.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://status.netservicesgroup.com https://secure.comodo.com 'sha256-3ocR7726kV2Y3awnQx4u408K1Dxd7l3X9nvrC91J15k=' 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' 'sha256-/LNrhX3k9yooaUcjJ9wGqDoSJEFQEozZc8jtdbq+lMg=' 'sha256-ahfvWH65y6WEYvXXrsReZDD9l5f9wMFjeLjl+8hkRIg=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 1
default-src 'self' motul.com *.cdninstagram.com *.elfsightcdn.com; script-src 'self' 'unsafe-eval' *.axept.io *.elfsight.com *.googletagmanager.com *.hotjar.com *.facebook.net 'unsafe-inline' *.googleapis.com *.channelsight.com js.monitor.azure.com *.explorify.com *.elfsightcdn.com *.youtube.com; img-src 'self' staging-cms.motul.com axeptio.imgix.net www.google.com *.gstatic.com data: *.elfsight.com *.facebook.com *.elfsightcdn.com *.googleapis.com *.hotjar.com *.cdninstagram.com *.motul.com *.amazonaws.com *.channelsight.com cscoreproweustor.blob.core.windows.net motul.incony.de *.explorify.com https://i.ytimg.com/; child-src 'self' motul.com *.hotjar.com *.youtube.com *.youtube-nocookie.com;; style-src 'self' 'unsafe-inline' *.elfsight.com *.googleapis.com *.channelsight.com *.explorify.com; font-src 'self' *.gstatic.com *.hotjar.com *.channelsight.com *.explorify.com data:; report-uri /api/v2/security-headers; connect-src cdn.ingosa.ai 'self' *.axept.io axeptio.imgix.net *.spinque.com *.elfsight.com *.facebook.net *.google-analytics.com analytics.google.com *.hotjar.com *.googleapis.com *.azurewebsites.net *.motul.com *.hotjar.io wss://ws4.hotjar.com *.channelsight.com; frame-ancestors 'self' *.motul.com 1
default-src 'self' https://*.ebizautos.com; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; 1
default-src 'self'; style-src 'self' https://*.typekit.net https://cdnjs.cloudflare.com; font-src https://*.typekit.net; script-src 'self' https://sparkplatform.com https://cdnjs.cloudflare.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: sa.vic-m.co www.googletagmanager.com register.feefo.com bat.bing.com client.lunio.ai *.gstatic.com s.seedtag.com match.sharethrough.com maxcdn.bootstrapcdn.com rt.udmserve.net *.rubiconproject.com *.casalemedia.com newtestwww.discsrv.co.za ads.yieldmo.com *.smartadserver.com discovery.co.za localhost:8000 sync.teads.tv api.gov-img.site *.discovery.co.za *.iperceptions.com *.licdn.com *.onetrust.com static.vic-m.co *.googleapis.com *.doubleclick.net www.youtube.com *.taboola.com inv-nets.admixer.net ads.stickyadstv.com *.cloudfront.net api.feefo.com *.tiktok.com *.rfihub.com t.adx.opera.com *.googleadservices.com localhost:8001 csync.loopme.me sync-service.net *.outbrain.com sync.1rx.io fast.nexx360.io region1.analytics.google.com sync.connectad.io *.googlesyndication.com s.ad.smaato.net sync.go.sonobi.com www.google.co.za s-cs.rmp.rakuten.com eb2.3lift.com ams.creativecdn.com *.pubmatic.com *.facebook.com www.google-analytics.com us.ck-ie.com s.yimg.com www.googleoptimize.com maps.google.co.za adservice.google.com *.clarity.ms visitor.omnitagjs.com collect.feefo.com assets.humanz.com t.co ad.vic-m.co *.facebook.net cm.mgid.com www.google.nl sp.analytics.yahoo.com hbx.media.net cdnjs.cloudflare.com dhpdocu02:7002 tags.creativecdn.com click.prod.mplat-ppcprotect.com *.openx.net *.twitter.com analytics.google.com sync.addlv.smt.docomo.ne.jp *.adnxs.com cdn.jsdelivr.net *.lijit.com i.imgur.com pclick.prod.mplat-ppcprotect.com v11cf13hx0.execute-api.eu-west-1.amazonaws.com ih.adscale.de usersync.gumgum.com onetag-sys.com *.linkedin.com banner.vic-m.co f.creativecdn.com *.ads-twitter.com www.google.co.uk sync.console.adtarget.com.tr i.ytimg.com ice.360yield.com c.bing.com www.google.com *.opendns.com sync.e-planning.net discoveryvitalitytagservice.inqubacx.com *.adform.net ssc-cms.33across.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' *.gstatic.com *.googleapis.com *.google.com *.google.co.jp *.google-analytics.com *.googlesyndication.com *.g.doubleclick.net *.facebook.com platform.twitter.com www.paydesign.jp www.e-scott.jp reserva.be *.reserva.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.google.com *.google.co.jp *.googleapis.com *.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.googletagservices.com *.googletagmanager.com tagmanager.google.com s.yimg.jp *.yahoo.co.jp connect.facebook.net *.twitter.com *.ads-twitter.com *.a8.net *.atown.jp *.felmat.net a.o2u.jp beacon.digima.com cmkt.jp beacon.digima.com d.line-scdn.net in.treasuredata.com js.fout.jp js.ptengine.jp kitchen.juicer.cc static.criteo.net sslwidget.criteo.com sync.im-apps.net *.socdm.com af.tosho-trading.co.jp cdn.audiencedata.net cdn.smartnews-ads.com cdn.treasuredata.com js.crossees.com s.dc-tag.jp tags.bkrtx.com www.paydesign.jp www.e-scott.jp; style-src 'self' 'unsafe-inline' *.googleapis.com fonts.gstatic.com www.paydesign.jp www.e-scott.jp; img-src 'self' *.google.com *.google.co.jp googleads.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.facebook.com *.yahoo.co.jp a.ddli.jp a.o2u.jp b.audiencedata.net cnt.fout.jp cm.g.doubleclick.net i.smartnews-ads.com in.treasuredata.com t.co tags.bluekai.com tg.socdm.com data: ; font-src 'self' *.googleapis.com www.paydesign.jp www.e-scott.jp fonts.gstatic.com data: ; report-uri https://cts.reserva.be/csp-report ; 1
default-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; connect-src 'self' adservice.google.com/pagead/regclk audible.sc.omtrdc.net audible.tt.omtrdc.net ct.pinterest.com dpm.demdex.net fls-na.amazon.com m.media-amazon.com pagead2.googlesyndication.com pixel.quantcount.com sonic.frontier.a2z.com tr.snapchat.com unagi-na.amazon.com unagi.amazon.com us-central1-adaptive-growth.cloudfunctions.net www.facebook.com/tr/ www.google.com/pagead/landing; font-src m.media-amazon.com; frame-src 'self' 12184389.fls.doubleclick.net 8127728.fls.doubleclick.net audible.demdex.net ct.pinterest.com insight.adsrvr.org match.adsrvr.org td.doubleclick.net tr.snapchat.com www.facebook.com; img-src 'self' ad.doubleclick.net analytics.twitter.com bat.bing.com ct.pinterest.com fls-na.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com lantern.roeye.com m.media-amazon.com pixel.mediaiqdigital.com pixel.quantserve.com secure.adnxs.com t.co www.awin1.com/sread.php www.facebook.com www.google.ca/pagead/1p-user-list/ www.googletagmanager.com; media-src 'self' images-na.ssl-images-amazon.com/images/ m.media-amazon.com samples.audible.co.uk; script-src 'self' 'unsafe-inline' apps.rokt.com audible.sc.omtrdc.net bat.bing.com cdn.pdst.fm connect.facebook.net d1g3myji5lplsh.cloudfront.net d2nttevkh1mtzs.cloudfront.net googleads.g.doubleclick.net images-na.ssl-images-amazon.com js.adsrvr.org lantern.roeyecdn.com rules.quantcount.com s.pinimg.com sc-static.net secure.quantserve.com static.ads-twitter.com tr.snapchat.com www.dwin1.com www.googleadservices.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' images-na.ssl-images-amazon.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://managewp.com https://orion.managewp.com https://s42013.pcdn.co https://db0hcalplzljl.cloudfront.net/ https://*.google.com api.w.org https://*.googleapis.com ogp.me https://www.facebook.com *.google-analytics.com api.w.org *.googletagmanager.com tags.tiqcdn.com use.typekit.net s.w.org https://secure.gravatar.com https://connect.facebook.net https://p.typekit.net https://www.googleadservices.com https://fonts.gstatic.com https://www.gstatic.com  https://*.g.doubleclick.net https://player.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://*.googlevideo.com https://*.ytimg.com data:;  img-src * data:;  object-src 'none'; 1
connect-src 'self' data: *.amazonaws.com *.analytics.google.com *.google-analytics.com *.doubleclick.net *.facebook.com *.googleapis.com *.gstatic.com *.masonline.id *.nr-data.net *.stockbit.com *.tiktok.com *.youtube.com wss://*.crisp.chat wss://*.stockbit.com analytics.google.com api.trongrid.io cdnma.cdnservice.space client.crisp.chat www.google.co.id; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stockbit.com analytics.tiktok.com apis.google.com app.midtrans.com bam.nr-data.net client.crisp.chat connect.facebook.net d2r1yp2w7bby2u.cloudfront.net js-agent.newrelic.com midtrans.com nr-data.net sg1.wzrkt.com www.google-analytics.com www.google.com/recaptcha/api.js www.googletagmanager.com www.gstatic.com/firebasejs/ www.gstatic.com/recaptcha/ www.youtube.com/iframe_api www.youtube.com/s/player/ ssl.google-analytics.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.cloudfront.net assets-nextjs.stockbit.com client.crisp.chat translate.googleapis.com; object-src 'none'; media-src 'self' assets-nextjs.stockbit.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1d9a1c8916e2bfd1c2dbec72dd1a5283&dd-evp-origin=content-security-policy&ddsource=csp-report; 1
font-src https://fonts.gstatic.com *.gstatic.com 'self' data: https://ka-p.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cybersource.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com *.cybersource.com https://www.youtube.com https://ct.pinterest.com https://pixel-sync.sitescout.com *.pitai.io https://www.paypalobjects.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.getbread.com *.breadpayments.com *.rbcpayplan.com shipping-offers-static-images-bucket-platformsandbox.s3.amazonaws.com shipping-offers-static-images-bucket-stage.s3.amazonaws.com shipping-offers-static-images-bucket-prod.s3.amazonaws.com shipping-offers-static-images-bucket-dev.s3.amazonaws.com shipping-offers-static-images-bucket-demo.s3.amazonaws.com helloextend-static-assets.s3.amazonaws.com https://s3.amazonaws.com/ccspersistenceprod-contentstaticassets04b201d4-1apqb8dyegznm/offers/learnMoreModal-default-1654273334107-learnMoreModal.backgroundImageUrl_Generic_WomanwithBox2.jpg https://helloextend-static-assets.s3.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com store.paradoxlabs.com 'self' data: *.gstatic.com *.facebook.com www.mypillow.com https://www.mypillow.com https://trkn.us https://bat.bing.com https://obs.segreencolumn.com https://pixel.sitescout.com *.riskified.com *.pitai.io *.listrakbi.com https://mediacdn.espssl.com *.google.com *.google.pl https://static-na.payments-amazon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com https://sdk.helloextend.com/ https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com h.online-metrix.net *.authorize.net *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net data: *.mypillow.com *.listrakbi.com https://bat.bing.com https://analytics.tiktok.com *.zdassets.com https://www.youtube.com https://sdk.helloextend.com https://static.cloudflareinsights.com https://script.hotjar.com *.listrak.com https://s.pinimg.com https://www.google-analytics.com/analytics.js https://obs.segreencolumn.com *.pitai.io https://beacon.riskified.com https://tags.srv.stackadapt.com *.basis.net https://ct.pinterest.com https://pixel-sync.sitescout.com https://a.ads.rmbl.ws https://sandbox-api.epicpay.com *.hotjar.com *.noibu.com *.segreencolumn.com https://api.epicpay.com https://maps.googleapis.com https://g9508048080.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com https://tags.srv.stackadapt.com *.listrakbi.com https://kit.fontawesome.com https://ka-p.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.getbread.com *.breadpayments.com *.rbcpayplan.com https://*.helloextend.com/ https://*.extend.com/ https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com h.online-metrix.net *.authorize.net t.elasticsuite.io *.google-analytics.com *.facebook.net https://input.noibu.com https://obs.segreencolumn.com wss://input.noibu.com *.zdassets.com *.analytics.google.com https://ct.pinterest.com *.pitai.io *.listrak.com *.listrakbi.com https://tags.srv.stackadapt.com *.riskified.com *.paypal.com *.breadgateway.net *.doubleclick.net *.hotjar.io https://bat.bing.com https://mypillow.zendesk.com https://www.google.pl https://maps.googleapis.com https://www.mypillow.com wss://ws.hotjar.com/api/v2/client/ws *.noibu.com https://analytics.tiktok.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleusercontent.com www.sagaftra.org www.googletagmanager.com momentjs.com cdn01.boxcdn.net tdns2.gtranslate.net www.google-analytics.com *.googleapis.com cdn.datatables.net siteimproveanalytics.com img04.en25.com *.oraclecloud.com code.jquery.com www.google.ie cdnjs.cloudflare.com fast.fonts.net www.youtube.com *.eloqua.com *.facebook.net *.doubleclick.net *.custhelp.com *.gstatic.com www.google.co.uk analytics.google.com region1.analytics.google.com *.siteimproveanalytics.io maxcdn.bootstrapcdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-UO5JGTmzU6me4WKo4Cvq6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.acsbap.com https://*.acsbapp.com https://*.addthis.com https://*.datasteam.io https://*.hotjar.com https://*.iperceptions.com https://*.kaspersky-labs.com https://*.optimizely.com https://*.rssc.com https://*.salesforceliveagent.com https://aa.agkn.com https://acsbap.com https://acsbapp.com https://ads.creative-serving.com https://ajax.googleapis.com https://assets.adobedtm.com https://assetscdn.stackla.com https://bam.nr-data.net https://bat.bing.com https://cdn.bc0a.com https://cdn.cookielaw.org https://connect.facebook.net https://ct.pinterest.com https://dms.netmng.com https://edge.approachguides.com https://flex.atdmt.com https://googleads.g.doubleclick.net https://iperceptions01.azureedge.net https://ips-invite.iperceptions.com https://js-agent.newrelic.com https://js.extpost.xyz https://js.stripe.com https://live.approachguides.com https://login-ds.dotomi.com https://ncl.secure.force.com https://nclh.my.salesforce-sites.com https://nclh.my.salesforce.com https://p11.techlab-cdn.com https://platform.twitter.com https://pnapi.invoca.net https://pwm-image.trendmicro.com https://regentsevenseascruises.formstack.com https://rssc.usablenet.com https://s.go-mpulse.net https://s.pinimg.com https://s.yimg.com https://secure.adnxs.com https://service.force.com https://solutions.invocacdn.com https://static.ads-twitter.com https://static.doubleclick.net https://static.formstack.com https://static.lightning.force.com https://tags.tiqcdn.com https://tpc.googlesyndication.com https://v1.addthisedge.com https://vd.vidoplay.com https://vjs.zencdn.net https://w.soundcloud.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.rssc.com https://www.youtube.com https://z.moatads.com blob:; style-src 'unsafe-inline' 'self' https://api.tiles.mapbox.com https://assetscdn.stackla.com https://cdn.fonts.net https://cdn.honey.io https://edge.approachguides.com https://fonts.googleapis.com https://live.approachguides.com https://ncl.secure.force.com https://nclh.my.salesforce.com https://service.force.com https://vjs.zencdn.net https://www.gstatic.com https://www.rssc.com blob:; img-src 'self' https://*.acsbap.com https://*.acsbapp.com https://*.akstat.io https://*.doubleclick.net https://*.rssc.com https://aa.agkn.com https://acsbap.com https://acsbapp.com https://ads.stickyadstv.com https://ap.lijit.com https://api.datasteam.io https://api.dtstmio.com https://assetscdn.stackla.com https://b.videoamp.com https://bam.nr-data.net https://bat.bing.com https://bh.contextweb.com https://cdn.approachguides.co https://cdn.cookielaw.org https://cdn.honey.io https://cm.everesttech.net https://cm.g.doubleclick.net https://condenast.demdex.net https://connect.facebook.net https://content-cdn.stackla.com https://contextual.media.net https://crb.kargo.com https://cs.admanmedia.com https://cs.openwebmedia.org https://cs.openwebmp.com https://csync.loopme.me https://da7xgjtj801h2.cloudfront.net https://dclk-match.dotomi.com https://dpm.demdex.net https://dsum-sec.casalemedia.com https://e1.emxdgt.com https://eb2.3lift.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com https://encrypted-tbn2.gstatic.com https://encrypted-tbn3.gstatic.com https://exchange-match.mediaplex.com https://fastly.picsum.photos https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.liadm.com https://i6.liadm.com https://ib.adnxs.com https://idsync.live.streamtheworld.com https://idsync.rlcdn.com https://idxch.rtactivate.com https://image8.pubmatic.com https://ips-img.iperceptions.com https://ips-invite.iperceptions.com https://lh3.google.com https://lh3.googleusercontent.com https://login-ds.dotomi.com https://login.dotomi.com https://match.adsrvr.org https://match.sharethrough.com https://match.sync.ad.cpe.dotomi.com https://media-library.stackla.com https://partners.tremorhub.com https://picsum.photos https://pixel.rubiconproject.com https://ps.eyeota.net https://pt.ispot.tv https://region1.analytics.google.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://script.hotjar.com https://secure.adnxs.com https://simage2.pubmatic.com https://sp.analytics.yahoo.com https://static.formstack.com https://sync.1rx.io https://sync.bfmio.com https://tags.bluekai.com https://tags.w55c.net https://tpc.googlesyndication.com https://translate.google.com https://ups.analytics.yahoo.com https://us-east.ads.audio.thisisdax.com https://us-u.openx.net https://us.ck-ie.com https://web-assets.stackla.com https://www.facebook.com https://www.google-analytics.com https://www.google.ae https://www.google.al https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.ch https://www.google.cl https://www.google.cn https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.ec https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.pe https://www.google.com.ph https://www.google.com.pr https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gg https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.it https://www.google.je https://www.google.lu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ru https://www.google.se https://www.googletagmanager.com https://www.gstatic.com https://www.rssc.com  data: blob:; font-src 'self' https://assetscdn.stackla.com https://fonts.gstatic.com https://script.hotjar.com https://shopping.qantas.com https://static.formstack.com https://static2.sharepointonline.com https://vjs.zencdn.net https://www.rssc.com data:; frame-ancestors 'self' *.onelink-translations.com https://*.rssc.com; worker-src 'self' blob:; object-src 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba307841645eaebf9edbc94ad5efbd926&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=rssc-prod; report-to dd-endpoint; 1
default-src 'self' 'unsafe-inline' region1.analytics.google.com www.google-analytics.com *.google.com *.google.it *.printfriendly.com www.unescap.org unescap.org static.cloudflareinsights.com escap-unescapweb-p.azurewebsites.net; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.analytics.google.com *.google-analytics.com https://www.google-analytics.com *.printfriendly.com www.unescap.org unescap.org static.cloudflareinsights.com ajax.cloudflare.com *.flickr.com platform.twitter.com *.youtube.com *.cloudflare.com ajax.googleapis.com escap-unescapweb-p.azurewebsites.net cdn.datatables.net; style-src 'self' 'unsafe-inline' *.google.com *.gstatic.com www.unescap.org unescap.org *.fontawesome.com  *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com ajax.cloudflare.com *.cloudflare.com repository.unescap.org escap-unescapweb-p.azurewebsites.net code.jquery.com; img-src 'self' 'unsafe-inline' data: *.google-analytics.com *.google.it *.google.com *.googletagmanager.com www.unescap.org unescap.org repository.unescap.org youtube.com www.youtube.com i.ytimg.com *.staticflickr.com *.twitter.com *.google.co.th escap-unescapweb-p.azurewebsites.net; frame-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com www.unescap.org unescap.org *.unescap.org *.twitter.com *.canva.com *.powerbi.com; child-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com www.unescap.org unescap.org; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.jsdelivr.net www.unescap.org unescap.org *.cloudflare.com; connect-src www.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net www.unescap.org unescap.org cloudflareinsights.com repository.unescap.org escap-unescapweb-p.azurewebsites.net; report-uri /report-csp-violation 1
object-src 'none';base-uri 'self';script-src 'nonce-tqY0sOxdl3xXqiq_F_ntuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleadservices.com; connect-src 'self' *.eb486214a2754798a93597746cfc416f.apm.us-east-1.aws.cloud.es.io; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri http://prod-public-elastic-agent-lb-1115903262.us-east-1.elb.amazonaws.com 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/csp 1
object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net;img-src * blob: data: ; font-src acsbapp.com www.realpage.com s.realpage.com use.typekit.net fonts.gstatic.com vjs.zencdn.net maxcdn.bootstrapcdn.com www.slant.co data:; style-src *.typekit.net *.realpage.com fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-to report-only; 1
default-src 'self'; img-src 'self' https://www.google-analytics.com; style-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com; connect-src: 'self' https://www.google-analytics.com; report-uri https://www.net-ing.com/csp/; report-to csp-endpoint 1
report-uri /csp-log.php; report-to csp-log-endpoint; default-src 'none'; img-src 'self' data: https://werbung.leipzig.de/ https://data.leipzig.de/ https://static.leipzig.de/ https://www.gstatic.com/images/; script-src 'self' 'unsafe-inline' https://www.leipzig.de/ https://static.leipzig.de/ https://werbung.leipzig.de/delivery/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player20/scripts/ https://chatbot115.km.usu.com/kfirst-widget/vendor/ https://chatbot115.km.usu.com/kfirst-widget/js/ https://dev.lehst.de/; style-src 'self' 'unsafe-inline' https://static.leipzig.de/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player/styles/ https://chatbot115.km.usu.com/kfirst-widget/css/ https://chatbot115.km.usu.com/kfirst-widget/vendor/ https://dev.lehst.de/; font-src 'self' https://static.leipzig.de/ https://chatbot115.km.usu.com/kfirst-widget/vendor/ https://fonts.gstatic.com/; media-src 'self' https://static.leipzig.de/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player20/scripts/; connect-src 'self' https://vrweb15.linguatec.org/VoiceReaderWeb15WebService/ https://dev.lehst.de/ https://chatbot115.km.usu.com/kfirst-widget/api/ https://chatbot115.km.usu.com/kfirst-widget/icons/ https://www.leipzig.de/; frame-src https://www.youtube-nocookie.com/embed/ https://chatbot115.km.usu.com/ https://tnv.leipzig.de https://s-leipzig.maps.arcgis.com https://geoportal.leipzig.de https://www.blitzvideoserver.de https://tportal.toubiz.de https://kwis-web.leipzig.de; 1
font-src *.fontawesome.com data: *.hotjar.com github.com cdn.honey.io *.photoslurp.com use.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com blob: *.w3.org *.bing.com c.bing.com *.hotjar.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com instagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.nr-data.net *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.newrelic.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com facebook.net *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com x.empathy.co x.staging.empathy.co *.lightning.force.com analytics.tiktok.com *.googletagmanager.com googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.pinterest.com player.vimeo.com *.surveymonkey.com *.criteo.com ct.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com gstatic.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net *.photoslurp.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com wss: bat.bing.com *.force.com *.tiktok.com *.nr-data.net *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.hotjar.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com client.rum.us-east-1.amazonaws.com sts.eu-west-1.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com x.empathy.co x.staging.empathy.co stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com api.empathy.co api.staging.empathy.co api-staging.empathybroker.com pronoviasgroupcti.secure.force.com analytics.pangle-ads.com properties *.criteo.com *.onetrust.com *.pangle-ads.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com fonts.gstatic.com fonts.googleapis.com https://fonts.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com *.hotjar.com x.klarnacdn.net *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com js.stripe.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com insight.adsrvr.org match.adsrvr.org www.affirm.com sandbox.affirm.com *.attn.tv bugcrowd.com imgs.cdn-btsg.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net www.facebook.com script.google.com *.googleapis.com *.hotjar.com *.iterable.com *.klarnaservices.com *.online-metrix.net privacyportal-cdn.onetrust.com imgs.signifyd.com *.vimeo.com vimeo.com *.wahooligan.com record.webeyez.com d.emails.wahoofitness.com wahoofitness.yonyx.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://helloextend-static-assets.s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.adnxs.com public.adobecc.com data.adxcel-ec2.com insight.adsrvr.org match.adsrvr.org *.amazonaws.com *.atdmt.com *.bing.com *.bazaarvoice.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org dis.criteo.com gum.criteo.com *.ctnsnet.com ad.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net cdn.dynamicyield.com www.facebook.com *.google.com *.googletagmanager.com *.hotjar.com humango.ai *.iterable.com kcc0.com www.kinomap.com *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com *.rudderstack.com imgs.signifyd.com image.simplecastcdn.com t.co tk0x1.com *.wahoofitness.com *.xg4ken.com ads.yahoo.com *.analytics.yahoo.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.stripe.com *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.helloextend.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.adnxs.com js.adsrvr.org cdn.jsdelivr.net lightboxapi.azurewebsites.net cdn.attn.tv bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com bugcrowd.com assets.bugcrowdusercontent.com imgs.cdn-btsg.com *.clarity.ms static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.fontawesome.com *.google.com googleads.g.doubleclick.net *.hotjar.com *.iterable.com *.ktxlytics.io www.lightboxcdn.com cdn.livesession.io i.loopme.me js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com oc-library.klarnaservices.com oc-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com h64.online-metrix.net cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv *.rudderlabs.com *.rudderstack.com cdn.segment.com imgs.signifyd.com static.ads-twitter.com analytics.twitter.com modelviewer.dev d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com *.xg4ken.com *.yotpo.com www.youtube.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com https://fonts.googleapis.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com *.hotjar.com www.lightboxcdn.com x.klarnacdn.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com data: mpsnare.iesnare.com www.wahoofitness.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://*.helloextend.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.attentivemobile.com *.attn.tv bam-cell.nr-data.net *.bing.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.facebook.com analytics.google.com *.analytics.google.com *.hotjar.com *.hotjar.io mpsnare.iesnare.com *.iterable.com wss: gdpr.loopme.com i.loopme.me *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io rs.livesession.io bam.nr-data.net *.onetrust.com insight.reflow.tv *.rollbar.com *.rudderstack.com api.segment.io cdn.segment.com imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b73c76520e1c6fd88a089eacc1b590fe.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
script-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=RpIuzGHVP8vLKHSujSYupm147XfU1LxGQ6MMBZpAMJM-1721955906-1.0.1.1-4O5g1steZkw0J7.zrB7sv4VDuyMOCm1ZG1xuwjCDwZ4bXoscfJAp4S51BSgQxAcczty5iN.As6BzoPbvizZS4f4ymT57W0Bqv0rnvJcOZem_WykodMM3l7VJc5AAZCYmWEii1amJJIpA_XCYky__biL9eZ2b.5DmIAlHbm82NBscgdymcN3v5fy3aosIJY6i4at5RySNuEEOr8sBFjA3dw; report-to cf-srwrklrczwisxxgl 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.buzzsprout.com *.cookielaw.org *.getblueshift.com *.onetrust.org *.typekit.net *.vercel-scripts.com bat.bing.com connect.facebook.net static.hotjar.com script.hotjar.com vercel.live *.chatbot.com *.clarity.ms https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.typekit.net vercel.live;img-src 'self' blob: data: *.buzzsprout.com *.cookielaw.org *.ctfassets.net *.facebook.com *.internationalliving.com *.nodebb.com *.youtube.com *.ytimg.com *.vercel.com vercel.com *.bing.com *.clarity.ms https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;connect-src wss://*.pusher.com 'self' *.cookielaw.org api.getblueshift.com *.onetrust.com *.hotjar.io vercel.live *.chatbot.com bat.bing.com *.clarity.ms https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;font-src 'self' *.typekit.net vercel.live;frame-src 'self' *.buzzsprout.com *.typeform.com *.youtube-nocookie.com *.youtube.com fast.wistia.net player.vimeo.com td.doubleclick.net vimeo.com vercel.live *.chatbot.com;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'none' 1
connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io; media-src *; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; default-src 'none'; style-src 'unsafe-inline' *; img-src blob: data: *; worker-src 'none'; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-pFBCBdOItjHqa+cjFGlGBg==' 1
block-all-mixed-content; report-uri https://gesoten.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' *.acadiau.ca; img-src 'self' *.acadiau.ca *.index.digital *.sitescout.com *.gstatic.com *.bc0a.com *.fontawesome.com *.picsum.photos picsum.photos *.twimg.com *.facebook.com *.twitter.com *.google.ca *.google.com www.google-analytics.com wl-pixel.index.digital pixel.sitescout.com s3.amazonaws.com *.b0e8.com *.siteimproveanalytics.io; font-src 'self' *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net; style-src 'self' *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.fontawesome.com *.twimg.com *.twitter.com *.googleapis.com widget.alongside.com 'unsafe-inline'; script-src 'self' *.acadiau.ca *.google.com *.googleapis.com *.fontawesome.com acuityplatform.com *.jquery.com *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.facebook.net *.google-analytics.com *.technolutions.net *.twitter.com *.twimg.com widget.alongside.com *.instagram.com *.cloudflare.com e.issuu.com *.pixel.ad *.hotjar.com *.bc0a.com *.b0e8.com theta360.com *.tiktok.com *.googletagmanager.com siteimproveanalytics.com 'unsafe-inline'; connect-src 'self' *.hotjar.com *.doubleclick.net www.google-analytics.com *.doubleclick.com *.sitescout.com *.doubleclick.n ka-p.fontawesome.com; frame-src 'self' *.livestream.com *.hotjar.com *.youtube.com *.vimeo.com *.twitter.com *.issuu.com *.facebook.com *.instagram.com *.sitescout.com theta360.com; frame-ancestors 'self'; 1
default-src https: 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' https://player.vimeo.com  data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://static.queue-it.net https://assets.queue-it.net https://www.youtube.com https://player.vimeo.com https://cdn.jsdelivr.net 'nonce-gZFRdM/jy+YnkXmy3DjlqNdgNl5Vo/EBmYrwta9K84Y='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://vimeo.com https://cdn.jsdelivr.net; worker-src 'self' blob:;report-to https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7b365ff4e383a8c546d53da7507a6fc0&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=booker 1
object-src 'none';base-uri 'self';script-src 'nonce-GOe0pPqkIbzI_YwbGUMkAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.typekit.net https://fonts.googleapis.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cordialdev.com *.cordial.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.cordialdev.com *.cordial.com *.cordial.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://pay.google.com amc.demdex.net https://photos.pixlee.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://img.youtube.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.media-amazon.com *.payments-amazon.com *.lightboxcdn.com *.cdn.searchspring.net https://hello.zonos.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.cordialdev.com *.cordial.com track.cordial.io s7.addthis.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net https://checkoutshopper-test.adyen.com *.payments-amazon.com *.lightboxcdn.com *.attn.tv *.cdn.searchspring.net maps.googleapis.com *.news.rockler.com *.googletagmanager.com https://hello.zonos.com cdn.searchspring.net https://widgets.turnto.com we.turnto.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.typekit.net *.pay.google.com fonts.googleapis.com/ cdn.searchspring.net https://widgets.turnto.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.cordialdev.com *.cordial.com ekr.zdassets.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com ws: apay-us.amazon.com *.google-analytics.com https://hello.zonos.com https://*.a.searchspring.io https://cdn-ws.turnto.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: dvngeac8rg9mb.cloudfront.net js.stripe.com www.gstatic.com *.googleapis.com ws.zoominfo.com www.google.com www.googletagmanager.com compilers.widgets.sphere-engine.com d34s7xanp5e5sf.cloudfront.net; connect-src 'self' api.stripe.com *.googleapis.com *.fontawesome.com wss://push.piazza.com; img-src 'self' data: http: https:; object-src 'none'; font-src 'self' data: *.typekit.net *.gstatic.com *.fontawesome.com; style-src 'self' 'unsafe-inline' blob: *.typekit.net *.gstatic.com *.googleapis.com dvngeac8rg9mb.cloudfront.net; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.vimeo.com player.vimeo.com www.facebook.com youtu.be gfycat.com www.google.com giphy.com docs.google.com calendar.google.com www.desmos.com www.geogebra.org js.stripe.com; report-uri /security/csp_report 1
default-src 'self' https:; base-uri 'self'; connect-src *; font-src 'self' data: *; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data: *; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-inline' *; style-src 'report-sample' 'self' 'unsafe-inline' *; worker-src 'self'; upgrade-insecure-requests; report-uri /csp-reports; 1
form-action 'self' https://selinc-pilot.csod.com https://selinc.csod.com http://events.selinc.com https://www.cvent.com *.facebook.com connect.facebook.net https://pi.pardot.com *.twitter.com https://events.selinc.com; report-uri /api/cspNotification/ 1
base-uri 'self'; default-src 'self'; script-src 'nonce-ZTVlMTQ2NTAtNDE5OS00ZDg1LTgzZTgtNmVmYWI3OTU4M2Yz' 'report-sample' 'self' https://www.googletagmanager.com https://c.safetyculture.com https://cdn.segment.com https://snap.licdn.com/ https://cdn.madkudu.com/ https://cdn.amplitude.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.kustomerapp.com https://www.googleadservices.com https://www.google.com https://tpc.googlesyndication.com https://bat.bing.com https://pages.safetyculture.com https://*.hotjar.com https://fast.wistia.com; style-src 'unsafe-inline' 'report-sample' 'self' https://pages.safetyculture.com https://*.hotjar.com; object-src 'none'; connect-src 'self' https://a.safetyculture.com https://api.segment.io https://c.safetyculture.com https://cdn.segment.com https://*.segmentapis.com https://api.amplitude.com https://scnextsite.wpenginepowered.com/wp-admin/admin-ajax.php https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://support-safetyculture.api.kustomerapp.com https://*.pndsn.com https://safetyculture-sandbox.api.kustomerapp.com https://stats.g.doubleclick.net https://www.facebook.com https://www.instagram.com https://wp-website.safetyculture.com/wp-admin/admin-ajax.php https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://adservice.google.com https://*.wistia.com https://bat.bing.com https://monitor.clickcease.com; manifest-src 'self'; media-src 'self' blob:; font-src 'self' https://fonts.gstatic.com https://cdn.kustomerapp.com data: https://*.hotjar.com https://fast.wistia.com; frame-src 'self' https://cdn.kustomerapp.com https://tpc.googlesyndication.com https://www.facebook.com https://*.doubleclick.net https://pages.safetyculture.com https://www.youtube.com; img-src 'self' * data:; worker-src 'none'; report-uri https://safetyculture.com/_csp/scweb/prod?v=240313; 1
frame-src 'self' https://js.stripe.com https://dialog.filepicker.io https://www.filepicker.io https://content.googleapis.com https://www.google.com https://insight.adsrvr.org https://match.adsrvr.org https://vimeo.com https://player.vimeo.com https://www.youtube.com https://suicidegirls.com https://gfycat.com https://streamable.com https://bandcamp.com https://open.spotify.com https://www.youtube-nocookie.com https://www.facebook.com https://m.facebook.com https://platform.twitter.com https://player.twitch.tv https://w.soundcloud.com https://eroshare.com https://oddshot.tv https://www.pornhub.com https://www.reverbnation.com https://drive.google.com https://www.washingtonpost.com https://www.arte.tv https://www.mixcloud.com https://www.redgifs.com https://redgifs.com https://www.instagram.com https://instagram.com https://www.flickr.com http://www.funnyordie.com https://giphy.com/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive-it.org wayback.archive-it.org partner.archive-it.org 1
object-src * ; report-uri https://www.sunlife.ca/slfreporting/reportUri 1
default-src 'self' primericaonline.okta.com login.primericaonline.com *.oktacdn.com; connect-src 'self' primericaonline.okta.com primericaonline-admin.okta.com login.primericaonline.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com primericaonline.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' primericaonline.okta.com login.primericaonline.com *.oktacdn.com; style-src 'unsafe-inline' 'self' primericaonline.okta.com login.primericaonline.com *.oktacdn.com; frame-src 'self' primericaonline.okta.com primericaonline-admin.okta.com login.primericaonline.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' primericaonline.okta.com login.primericaonline.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' primericaonline.okta.com login.primericaonline.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://mob.primericaonline.com https://*.primericaonline.com 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=a87e1adc-97ac-40ae-9afe-2f40b4517798-1721961771 1
object-src 'none';base-uri 'self';script-src 'nonce-leNU9h2PLaEo1eDdBJUztw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' chla.lndo.site/* chlaorg*.prod.acquia-sites.com/* chla.org/*; script-src 'self' jquery.min.js ajax.js; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src https://app-appdev-ezbooking-prod-001.ase-eapps-prod-001.p.azurewebsites.net  https://app-appdev-chla-symptom-checker-prod-001.ase-eapps-prod-001.p.azurewebsites.net  https://app-bot-appdev-globalhealth-prod-001.ase-eapps-prod-001.p.azurewebsites.net; child-src https://app-appdev-ezbooking-prod-001.ase-eapps-prod-001.p.azurewebsites.net  https://app-appdev-chla-symptom-checker-prod-001.ase-eapps-prod-001.p.azurewebsites.net  https://app-bot-appdev-globalhealth-prod-001.ase-eapps-prod-001.p.azurewebsites.net; report-uri /report-csp-violation 1
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data:; connect-src 'self' https://adservice.google.com https://adservice.google.com/pagead/regclk https://analytics.google.com https://analytics.google.com/g/collect https://analytics.pangle-ads.com https://analytics.pangle-ads.com/api/v2/pangle_pixel https://analytics.tiktok.com https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act https://api.ipify.org https://api.ipify.org/ https://api.mercadolibre.com https://api.mercadopago.com https://api.mundipagg.com https://api.siteblindado.com https://api.voxus.tv https://api.voxus.tv/verify/ https://checkip.amazonaws.com https://checkip.amazonaws.com/ https://ct.pinterest.com https://events.mercadopago.com https://logs-01.loggly.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://region1.analytics.google.com https://region1.google-analytics.com https://region1.google-analytics.com/g/collect https://seal.siteblindado.com https://stats.g.doubleclick.net https://stats.g.doubleclick.net/j/collect https://stats.g.doubleclick.net/g/collect https://tagging.betocarrero.com.br https://tagging.betocarrero.com.br/fcp https://targeting.voxus.com.br https://targeting.voxus.com.br/v/ https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com https://translation-v3.handtalk.me https://us.creativecdn.com https://us.creativecdn.com/tags/v2 https://web.facebook.com https://www.betocarrero.com.br https://www.facebook.com https://www.facebook.com/tr https://www.google-analytics.com https://www.google-analytics.com/g/collect https://www.google-analytics.com/j/collect https://www.googletagmanager.com/a https://www.google.com https://www.mercadolibre.com https://clientstream.launchdarkly.com https://logs-01.loggly.com https://logs-01.loggly.com/inputs/27cf9a30-eb89-41a7-ba82-3280d33fb2cf/tag/https/; report-to default; 1
object-src 'none';base-uri 'self';script-src 'nonce-nx-J9GM5dAcx5wVaEwr42Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:;frame-ancestors about: 'self';frame-src https://optimize.google.com *;style-src https://optimize.google.com https://fonts.googleapis.com https: data: 'unsafe-inline' *;script-src https://www.googleanalytics.com https://www.google-analytics.com https://optimize.google.com * 'unsafe-inline' 'unsafe-eval';img-src https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https: data: *;font-src https://fonts.gstatic.com data: *;object-src 'none';connect-src * ws: wss:; report-uri https://res.destinia.com/web/csp-violation-report-endpoint; report-to default; 1
report-uri /upload/csp/csp.php; report-to csp-endpoints 1
frame-ancestors www.gstatic.com https://devmi1.wom.co https://dev.wom.co *.paypal.com *.wom.co; font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://app.wom.co *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://www.facebook.com *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com https://www.googletagmanager.com https://api.retargetly.com https://*.hotjar.com https://*.doubleclick.net https://www.facebook.com https://resources-rt.idx.lat/ *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com https://*.bing.com https://www.facebook.com https://www.google.com https://www.google.com.mx https://*.clarity.ms https://www.google.com.co https://analytics.twitter.com https://app.wom.co https://dev.placetopay.com https://t.co https://checkout-co.placetopay.dev *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com https://widget.manychat.com https://www.google.com https://api.retargetly.com https://*.clarity.ms https://connect.facebook.net https://bat.bing.com https://analytics.tiktok.com https://d12zyq17vm1xwx.cloudfront.net https://*.hotjar.com https://static.ads-twitter.com https://script.crazyegg.com https://resources-rt.idx.lat *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com *.fontawesome.com https://app.wom.co *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; object-src *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; manifest-src *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolibre.com https://www.google-analytics.com https://stats.g.doubleclick.net https://notifications-icommkt.com https://track-icommkt.com https://analytics.tiktok.com https://*.clarity.ms https://analytics.google.com https://script.crazyegg.com https://rt.idx.lat *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org http: https: blob: 'self' 'unsafe-inline'; default-src https://*.api.comapi.com https://wom-co.convertia.com *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com cdn.livechatinc.com stats.g.doubleclick.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.dotit.com dotit.wufoo.com stats.g.doubleclick.net *.google.pl *.livechatinc.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ stats.g.doubleclick.net dotit.wufoo.com www.wrike.com *.google.com *.livechatinc.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.dotit.com stats.g.doubleclick.net cp-ywz-382.chili-publish.online *.livechatinc.com https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ stats.g.doubleclick.net chimpstatic.com *.wufoo.com www.youtube.com apis.google.com *.google.pl *.livechatinc.com s7.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com stats.g.doubleclick.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com stats.g.doubleclick.net *.analytics.google.com *.google-analytics.com dotit.wufoo.com *.smartystreets.com apis.google.com *.google.pl *.livechatinc.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src stats.g.doubleclick.net http: https: blob: 'self' 'unsafe-inline'; default-src stats.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri stats.g.doubleclick.net 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.greateasternlife.com *.visualwebsiteoptimizer.com *.omtrdc.net www.google.com.bn www.googletagmanager.com *.tiktok.com *.presage.io *.googleapis.com www.google.co.id www.google-analytics.com digital.feprecisionplus.com *.qualtrics.com *.scene7.com www.google.com www.google.com.sg *.twitter.com www.google.com.my analytics.google.com region1.analytics.google.com *.addthis.com *.googleadservices.com adservice.google.com www.juicer.io secure.quantserve.com www.youtube.com *.doubleclick.net *.gstatic.com *.facebook.net assets.adobedtm.com *.facebook.com *.demdex.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self';script-src 'self' 'nonce-vsAi/b080apf6ZRY60OD9KOa' *.travcorpservices.com/ https://www.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.gstatic.com https://googleads.g.doubleclick.net https://api.feefo.com https://register.feefo.com https://bat.bing.com https://cdn.evgnet.com https://connect.facebook.net https://i.clarity.ms https://static-ssl.responsetap.com *.hotjar.com/ https://tag.simpli.fi https://unpkg.com https://www.bugherd.com https://www.datadoghq-browser-agent.com https://assetscdn.stackla.com/media/js/ https://vjs.zencdn.net https://cdn.amplitude.com/libs/ https://sdk.joinsherpa.io https://apps.mypurecloud.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://ttc-contiki.entry.promo https://cdn.optimizely.com https://www.riddle.com;style-src 'self' 'unsafe-inline' https://assetscdn.stackla.com/media/components/stackla-uikit/dist/ https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;img-src 'self' https://bat.bing.com https://c.clarity.ms https://i.ytimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.uplift-platform.com;frame-src 'self' https://10006172.fls.doubleclick.net https://uplift-cdn-stg.uplift.com https://vars.hotjar.com https://widget.stackla.com https://www.google.com https://apps.joinsherpa.io;font-src 'self' https://assetscdn.stackla.com https://fonts.gstatic.com https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;connect-src 'self' *.travcorpservices.com/ *.travcorp.com/ *.corp.ttc:7443/ https://api.feefo.com https://bat.bing.com https://in.hotjar.com https://ws11.hotjar.com/api/ https://l.clarity.ms https://metrics.responsetap.com/infinity/ https://noembed.com https://pm-mrkt.prodgw.uplift-platform.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://ttctravel.germany-2.evergage.com https://www.facebook.com https://www.google-analytics.com 1
default-src 'self'; script-src 'self' *.argenta.be *.googleapis.com *.adobedtm.com *.googletagmanager.com *.doubleclick.net *.adsrvr.org *.teads.tv *.facebook.net *.hotjar.com *.tiqcdn.com *.pingdom.net *.google.ie 'unsafe-inline' 'unsafe-eval' wasm-eval; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://agentaspaarbank.tt.omtrdc.net *.googleapis.com *.simargenta.be *.argenta.be *.teads.tv *.googlesyndication.com *.pingdom.net; font-src 'self'; frame-src 'self'  *.tst-argenta.be *.adsrvr.org *.teads.tv *.doubleclick.net; img-src 'self' *.argenta.be *.simargenta.be *.facebook.com *.google.be *.google.com *.google.ie *.teads.tv *.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
font-src *.klarnacdn.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.narvar.com *.narvar.qa static.zdassets.com cdn.usehero.com *.strut.fit *.global-e.com transition.pages.dev *.paypalobjects.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com *.amazon.co.uk *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.mention-me.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.bglobale.com webservices.global-e.com www.facebook.com *.hotjar.com *.kaptcha.com mention-me.com www.paypalobjects.com *.pinterest.com *.strut.fit *.zmags.com e.issuu.com *.global-e.com *.awin1.com *.vivobarefoot.com *.yotpo.com *.zma.gs *.amazonaws.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.narvar.com *.narvar.qa www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cmp.uniconsent.com *.pcapredict.com *.stackpathcdn.com *.bglobale.com cdn.usehero.com api.usehero.com *.hotjar.com *.awin1.com *.dwin1.com *.taboola.com bat.bing.com *.ads.twitter.com *.pinimg.com connect.facebook.net *.doubleclick.net *.clarity.ms api.uk.exponea.com ct.pinterest.com *.global-e.com analytics.twitter.com www.facebook.com *.amazonaws.com upload.usehero.com t.co www.google.es *.cloudfront.net storage.googleapis.com vivo.azureedge.net services.postcodeanywhere.co.uk *.bing.com *.vivobarefoot.com map.go.affec.tv secure.adnxs.com www.google.co.in *.zmags.com *.zma.gs transition.pages.dev *.strut.fit *.trustedshops.com *.yotpo.com dhv2ziothpgrr.cloudfront.net ww2.bglobale.com *.visualwebsiteoptimizer.com *.google.de *.google.se *.google.dk *.google.uk *.google.ca *.google.nz *.google.eu *.mention-me.com alb.reddit.com www.zenaps.com match.adsrvr.org vivobf.zendesk.com static.zdassets.com imgsct.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.mention-me.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cmp.uniconsent.com *.pcapredict.com *.stackpathcdn.com *.bglobale.com cdn.usehero.com api.usehero.com *.hotjar.com www.dwin1.com *.taboola.com bat.bing.com static.ads-twitter.com *.pinimg.com connect.facebook.net *.doubleclick.net *.clarity.ms api.uk.exponea.com ct.pinterest.com static.zdassets.com *.strut.fit strutagiocdn.blob.core.windows.net *.windows.net js-agent.newrelic.com bam.nr-data.net services.postcodeanywhere.co.uk web.global-e.com webservices.global-e.com *.affec.tv secure.adnxs.com *.srcspot.com *.zmags.com *.zma.gs *.z-analytics.net transition.pages.dev *.payments-amazon.com *.awin1.com *.trustedshops.com *.zopim.com *.vivobarefoot.com *.bablic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.ads.twitter.com *.visualwebsiteoptimizer.com rum-static.pingdom.net *.zendesk.com consent.cookiebot.com consentcdn.cookiebot.com *.heatmap.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com http://fonts.googleapis.com services.postcodeanywhere.co.uk *.zmags.com *.zma.gs *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa static.zdassets.com cdn.usehero.com transition.pages.dev 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.ingest.sentry.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.mention-me.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cmp.uniconsent.com *.pcapredict.com *.stackpathcdn.com *.bglobale.com cdn.usehero.com api.usehero.com *.hotjar.com dwin1.com *.taboola.com bat.bing.com *.ads.twitter.com *.pinimg.com connect.facebook.net *.doubleclick.net *.clarity.ms api.uk.exponea.com *.pinterest.com *.zendesk.com wss://widget-mediator.zopim.com/ *.strut.fit services.postcodeanywhere.co.uk *.nr-data.net *.analytics.google.com *.zmags.com *.zma.gs www.facebook.com transition.pages.dev ekr.zdassets.com wss://*.hotjar.com *.hotjar.io *.amazon.com *.bablic.com rebel-geocode.nw.r.appspot.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com wss://*.zendesk.com *.visualwebsiteoptimizer.com *.trustedshops.com *.etrusted.com region1.google-analytics.com rum-collector-2.pingdom.net www.redditstatic.com conversions-config.reddit.com consentcdn.cookiebot.com *.heatmap.com wss://vst.heatmap.com/ wss://service.heatmap.com/ https://8xzkg94z39.execute-api.us-west-2.amazonaws.com https://heatmap-project-2022.s3.us-west-2.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' ; object-src 'none' ; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 1
object-src 'none';base-uri 'self';script-src 'nonce-n5LXYNnUlu3pH-jCxMjP4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //a.tool.lu/csp 1
default-src 'self' data: blob: *.armstrong.com *.armstrongceilings.com armstrongceilings.my.salesforce-sites.com d2qrdklrsxowl2.cloudfront.net fonts.gstatic.com www.google-analytics.com *.akamaihd.net brightcove.hs.llnwd.net *.brightcove.com *.media.brightcove.com manifest.prod.boltdns.net fast.fonts.net ;style-src 'self' 'unsafe-inline' fast.fonts.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com fonts.googleapis.com display.ugc.bazaarvoice.com s7d9.scene7.com player.interactivity.brightcove.com;form-action 'self' *.armstrong.com *.armstrongceilings.com armstrongceilings.tfaforms.net *.salesforceliveagent.com *.la3-c2-ia4.salesforceliveagent.com www.facebook.com api.bazaarvoice.com;frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.armstrong.com *.armstrongceilings.com cdn-cookieyes.com js.hsforms.net *.bazaarvoice.com *.outbrain.com *.salesforceliveagent.com *.ugc.bazaarvoice.com assets.adobedtm.com connect.facebook.net d2qrdklrsxowl2.cloudfront.net googleads.g.doubleclick.net lib-us-3.brilliantcollector.com players.brightcove.net siteintercept.qualtrics.com snap.licdn.com vjs.zencdn.net *.google-analytics.com www.googleadservices.com www.googletagmanager.com znbmda84ti8npbglj-armstrong.siteintercept.qualtrics.com *.googleapis.com html5.dcatalog.com *.google.com display.ugc.bazaarvoice.com www.gstatic.com s7d9.scene7.com *.mountain.com armstrongceilings.tfaforms.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.analytics.google.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 player.interactivity.brightcove.com x.clearbitjs.com *.clearbitscripts.com;frame-src *;img-src 'self' data: blob: *;connect-src 'self' *.akamaihd.net *.armstrong.com *.armstrongceilings.com cdn-cookieyes.com *.cookieyes.com forms.hsforms.com *.brightcove.com *.qualtrics.com *.hapyak.com cdn.linkedin.oribi.io armstrong.tt.omtrdc.net brightcove.hs.llnwd.net dpm.demdex.net edge.api.brightcove.com lib-us-3.brilliantcollector.com manifest.prod.boltdns.net stats.g.doubleclick.net *.googleapis.com s7d9.scene7.com www.facebook.com *.google.com forms.hubspot.com *.google-analytics.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 px.ads.linkedin.com *.clearbitscripts.com app.clearbit.com;object-src players.brightcove.net 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: http://cnt.invoicebox.ru; font-src https: data:; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-IYrdG07vnc0gH22k4AEp_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.chartbeat.com optanon.blob.core.windows.net *.brightcove.net *.brightcove.com *.googleadservices.com *.adservice.google.com https://adservice.google.com/* adservice.google.com.br *.googletagmanager.com *.tagmanager.google.com *.chimpstatic.com chimpstatic.com *.jquery.com *.zencdn.net *.ytimg.com *.surveymonkey.com *.googleapis.com *.facebook.net *.googletagservices.com *.addthis.com *.google-analytics.com *.onetrust.com *.ampproject.org *.doubleclick.net *.google.com *.mailchimp.com *.addthisedge.com *.youtube.com *.google.co.uk *.list-manage.com *.outbrain.com *.twitter.com *.twimg.com *.googlesyndication.com *.moatads.com *.radioplayer.co.uk *.cheqzone.com *.rubiconproject.com *.cookielaw.org *.cloudflareinsights.com *.instagram.com *.apester.com *.snap.licdn.com *.doubleverify.com *.aniview.com *.vidazoo.com *.ajax.cloudflare.com *.licdn.com *.pinterest.com *.embedresponsively.com *.amazonaws.com *.apester.com/* *.forces.liveblog.pro *.forces.liveblog.pro/* *.strawpoll.com *.freewheel.tv *.lkqd.net *.beachfront.com *.smartadserver.com *.aniview.com *.admanmedia.com *.improvedigital.com *.onetag.com *.indexexchange.com *.pubmatic.com *.rhythmone.com *.video.unrulymedia.com *.gstatic.com *.newrelic.com cdn.jsdelivr.net cdn.bidder.dev c.amazon-adsystem.com quantcast.mgr.consensu.org secure.quantserve.com rules.quantcount.com static.criteo.net *.dotomi.com *.tiktok.com *.google.ie *.ibytedtos.com *.tiktokcdn.com chartbeat.com *.media.net *.sharethrough.com *.openx.com *.sonobi.com *.districtm.io *.emxdgt.com *.appnexus.com *.google.com *.rhythmone.com *.33across.com *.lemmatechnologies.com *.e-planning.net *.themediagrid.com *.sovrn.com *.lijit.com *.gumgum.com *.nr-data.net *.ttwstatic.com *.thinglink.com *.thinglink.me *.defybrick.com e.infogram.com; frame-src 'self'  'unsafe-eval' *.addthis.com *.googlesyndication.com *.facebook.com/ *.outbrain.com *.twitter.com *.surveymonkey.com embeds.audioboom.com *.rubiconproject.com *.apester.com *.openx.net *.pinterest.com *.instagram.com *.embedresponsively.com *.youtube.com *.pubmatic.com *.forces.net *.forcesnews.com *.google.com *.bfbs.com apester.com/* forces.liveblog.pro forces.liveblog.pro/* *.strawpoll.com/ timbre-player.sharp-stream.com *.chartbeat.com chartbeat.com *.tiktok.com googleads.g.doubleclick.net gum.criteo.com pre.ads.justpremium.com console.googletagservices.com giphy.com *.giphy.com e.infogram.com *.thinglink.com *.thinglink.me; child-src 'self' 'unsafe-inline' 'unsafe-eval' blob: apester.com/* forces.liveblog.pro/* *.strawpoll.com/; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-vpm7Xkbs51lm-8845Fqzew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klevu.com *.ksearchnet.com https://fonts.gstatic.com/ *.typekit.net *.nosto.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net account.fetchify.com *.klarna.com https://www.googletagmanager.com/ *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * widget.trustpilot.com simplicity.trustpilot.com *.googlesyndication.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.klarna.com *.klarnaevt.com *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.poundshop.com *.poundland.com *.onetrust.com s.kelkoogroup.net c.bing.com c.clarity.ms bat.bing.com *.ometria.com *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.ua *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.co.ug *.google.co.uk *.google.com *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.klarna.com js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com s.kelkoogroup.net widget.trustpilot.com invitejs.trustpilot.com sdk.loyaltylion.net foursixty.com sdk-static.loyaltylion.net bat.bing.com *.zendesk.com static.zdassets.com *.ometria.com analytics.tiktok.com www.clarity.ms s.kk-resources.com *.googlesyndication.com *.onetrust.com *.newrelic.com *.soreto.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com sdk.loyaltylion.net foursixty.com fonts.googleapis.com *.onetrust.com *.typekit.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://the.sciencebehindecommerce.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com sdk.loyaltylion.net foursixty.com platform.loyaltylion.com *.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com analytics.tiktok.com *.clarity.ms s.kelkoogroup.net invitejs.trustpilot.com zendesk-eu.my.sentry.io *.ometria.com *.google-analytics.com *.onetrust.com *.newrelic.com *.nr-data.net *.googlesyndication.com *.soreto.com googleads.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';                                 script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval'                                      https://cdn.jsdelivr.net                                     https://www.jsdelivr.com          https://widget.reviews.co.uk          https://www.gstatic.com                                     https://*.recruitics.com                                     https://*.licdn.com                                     https://*.hotjar.com                                     https://*.facebook.net                                     https://*.charityjob.co.uk                                     https://*.newrelic.com                                     https://*.google.com                                     https://*.bing.com             https://cdn.cookielaw.org             https://cdnjs.cloudflare.com           https://js-agent.newrelic.com          https://js.monitor.azure.com          https://maps.googleapis.com          https://www.googleadservices.com          https://www.googletagmanager.com;                                 style-src 'report-sample' 'self' 'unsafe-inline'                                     https://code.ionicframework.com          https://maxcdn.bootstrapcdn.com          https://www.charityjob.co.uk          https://assets.reviews.io             https://cdnjs.cloudflare.com;                                 object-src 'none';                                 base-uri 'self';                                 connect-src 'self'                                     https://connect.facebook.net          https://api.reviews.co.uk             https://cdn.cookielaw.org                                     https://*.hotjar.io                                     https://*.linkedin.com                                     https://bam.nr-data.net                                     https://*.charityjob.co.uk                                     https://*.onetrust.com          https://*.google-analytics.com          https://dc.services.visualstudio.com          https://maps.googleapis.com          https://*.googlesyndication.com          https://*.google.com          https://googleads.g.doubleclick.net;                                 font-src 'self'                                    data:                                   https://code.ionicframework.com              https://script.hotjar.com           https://www.charityjob.co.uk           https://assets.reviews.io                                   https://cdnjs.cloudflare.com;                                 frame-src 'self'                                     https://*.recruitics.com          https://td.doubleclick.net                                     https://*.google.com             https://www.youtube.com;         frame-ancestors 'none';                                 img-src 'self' data:              https://*.charityjob.co.uk          https://*.ads.linkedin.com          https://www.googletagmanager.com          https://*.analytics.google.com          https://*.doubleclick.net          https://www.google.co.uk          https://www.google.com          https://www.google.pt          https://assets.reviews.io                                     https://*.bing.com                                     https://www.facebook.com             https://cdn.cookielaw.org;                                 manifest-src 'self';                                 media-src 'self';                                 report-uri https://charityjob.report-uri.com/r/d/csp/reportOnly;                                 worker-src 'none'; 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-O4y/Lu7Tfilab2wEez3kTaKqZE2GmmfaqtiUiODAcu0='; base-uri 'self';report-to csp-endpoint 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com oppwa.com *.oppwa.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.hana.ondemand.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src *.gstatic.com *.google.com capitracking.istore.co.za analytics.twitter.com t.co sp.analytics.yahoo.com cdn1.stamped.io stamped.io *.zdassets.com 'self' 'unsafe-inline'; font-src *.gstatic.com fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com cdn1.stamped.io stamped.io *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; style-src *.googleapis.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.klevu.com *.ksearchnet.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com oppwa.com *.oppwa.com *.peachpayments.com cdn1.stamped.io stamped.io *.cloudflare.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: https://js.klevu.com 'self' 'unsafe-inline'; connect-src *.googleapis.com *.google.com *.gstatic.com s.yimg.com in.visitors.live dsp-trk.eskimi.com dsp-ap.eskimi.com sslwidget.criteo.com wss://in.visitors.live analytics.tiktok.com/* portal.immerss.live *.linkedin.com *.creativecdn.com wss://ws.hotjar.com *.istore.co.za *.tiktok.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io oppwa.com *.oppwa.com *.peachpayments.com cdn1.stamped.io stamped.io *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.what3words.com vsb111.tawk.to ekr.zdassets.com app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; frame-src *.google.com ams.creativecdn.com portal.immerss.live *.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com oppwa.com *.oppwa.com data:text *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com capitracking.istore.co.za analytics.twitter.com t.co sp.analytics.yahoo.com pixel.rubiconproject.com cm.g.doubleclick.net r.casalemedia.com eb2.3lift.com simage2.pubmatic.com contextual.media.net sync-t1.taboola.com exchange.mediavine.com s.ad.smaato.net match.sharethrough.com jadserve.postrelease.com c.bing.com sync.outbrain.com rtb-csync.smartadserver.com secure.adnxs.com ib.adnxs.com ads.yahoo.com ups.analytics.yahoo.com dis.criteo.com *.doubleclick.net *.linkedin.com *.tribalfusion.com sync.go.sonobi.com istore.co.za cm.adform.net ams.creativecdn.com bh.contextweb.com widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com https://*.googleapis.com https://*.googleusercontent.com store.paradoxlabs.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com cdn1.stamped.io stamped.io *.cloudflare.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src *.google.com *.googleapis.com *.gstatic.com capitracking.istore.co.za s.yimg.com platform2.cloud-iq.com static.ads-twitter.com rookdsp.com dsp-media.eskimi.com portal.immerss.live snap.licdn.com tags.creativecdn.com *.tiktok.com *.tribalfusion.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.oppwa.com oppwa.com *.peachpayments.com cdn1.stamped.io stamped.io *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com *.what3words.com maps.googleapis.com static.zdassets.com app.mobicredwidget.co.za www.gstatic.com bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
object-src 'none';base-uri 'self';script-src 'nonce-OQFLNscDPbHQivp89Ph3MA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-gUI9YxRI5CKXKxF3jqAOFA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-VWMIEqdfLiOAniHeLYkuew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2Kl0txVr1Z0zR8NcYk6kuA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: alianzas.lms-la.com google.com atentomx.s1gateway.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com alianzas.lms-la.com google.com www.benavides.com.mx 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.google.com alianzas.lms-la.com google.com *.doubleclick.net *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com optimize.google.com *.analytics.google.com tagmanager.google.com *.benavides.com.mx benavides.limetropy.com https://benavides.sladesk.com https://farmacias-benavides-web-informativa-git-no-layout-waof.vercel.app https://assets.ctfassets.net https://fast.amc.demdex.net https://bam.nr-data.net https://www.google.com https://www.gstatic.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.farmaciasahumada.cl maps.googleapis.com *.benavides.com.mx https://beneficiointeligente.com.mx alianzas.lms-la.com google.com www.google.com.mx optimize.google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://maps.googleapis.com https://www.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.msecnd.net *.jsdelivr.net *.googleapis.com alianzas.lms-la.com google.com *.doubleclick.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com www.google.com optimize.google.com *.analytics.google.com tagmanager.google.com *.benavides.com.mx atentomx.s1gateway.com websdk.appsflyer.com https://js-agent.newrelic.com https://www.google.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://www.googletagmanager.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com alianzas.lms-la.com google.com *.doubleclick.net www.google.com optimize.google.com unsafe-inline assets.braintreegateway.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com alianzas.lms-la.com google.com *.doubleclick.net google-analytics.com googleadservices.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.visualstudio.com *.google-analytics.com alianzas.lms-la.com google.com *.doubleclick.net *.googleadservices.com *.googletagmanager.com www.google.com optimize.google.com *.analytics.google.com tagmanager.google.com *.benavides.com.mx atentomx.s1gateway.com https://benavides.sladesk.com https://maps.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google.com https://www.gstatic.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.facebook.net 'self' 'unsafe-inline'; child-src alianzas.lms-la.com google.com *.doubleclick.net optimize.google.com *.benavides.com.mx assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri alianzas.lms-la.com google.com *.doubleclick.net *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com www.googletagmanager.com www.google.com optimize.google.com *.analytics.google.com tagmanager.google.com *.benavides.com.mx 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com *.fontawesome.com * maxcdn.bootstrapcdn.com fonts.gstatic.com *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.paypal.com https://www.googletagmanager.com https://www.google.com https://www.vimeo.com https://f.vimeocdn.com https://adyen.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://pal-live.adyen.com https://amazon.com https://www.yotpo.com https://int-ecommerce.nexi.it *.kasanova.com * https://www.googletagmanager.com/ accounts.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google.com *.gstatic.com https://www.vimeo.com https://f.vimeocdn.com *.googleapis.com *.ggpht https://ecommerce.nexi.it *.cloudfront.net *.kasanova.com * https://static.zdassets.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com https://www.vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com *.googleapis.com https://f.vimeocdn.com *.gstatic.com https://googleads.g.doubleclick.net *.clerk.io https://int-ecommerce.nexi.it *.kasanova.com https://assets.livestory.io https://js-agent.newrelic.com *.consentcdn.cookiebot.com/ * http://www.googletagmanager.com/ https://www.googletagmanager.com/ accounts.google.com cdn.scalapay.com b2c-cdn.scalapay.com https://accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com * *.fontawesome.com accounts.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.zdassets.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://assets.livestory.io https://api.livestory.io *.nr-data.net https://www.google-analytics.com https://int-ecommerce.nexi.it *.kasanova.com *.googleapis.com * http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ accounts.google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-nquUyWcn3iTdgmleO_1MJw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' https://connect.facebook.net https://am.yahoo.co.jp https://b99.yahoo.co.jp https://www.google-analytics.com assets.adobedtm.com https://www.googletagmanager.com http://hm.mieru-ca.com https://hpjp.mieru-ca.com https://www.everestjs.net https://s.yimg.jp http://aigjapan.sc.omtrdc.net https://www.youtube.com 'sha256-dMIRRtml3Oi21Iaq03PtC+8mIuBozHki1nfF3K1YXgw=' 'sha256-Yw3/67WDFoT7czVF2RALaOaLaRtweKwjgMzcHEb7oIs=' 'sha256-+/WzJIUpU+5NsHuQGBp2n0iZvi5LUQ0h8K/qrDy2YJQ=' 'sha256-T4GdVguKtoAY/4wetSihwnlAEpUpN0SBr64TOJa8NU0=' 'sha256-KIDFo1cCsPZjm0CKg+wI3amz1hzD9mNUJ2+4AGHa3uU=' 'sha256-LBsTTQlX5+H68ly1EZvOY6Z9bHzQqntXIpb70r7UJis=' 'sha256-U/nEWHrEPshKXL66+Ph2p6sLJqyHx9w9Sjv8K1Ya0zU=' 'sha256-BcF795XkHI9YEs7DNkb2Auwhmzf0SqcdlO/cXV17POc=' 'sha256-cQonxShNT1IfSfxwOOa2GnQjv3H9iqQdPYmUrW6Tl9w=' 'sha256-Dsxt1/qoUZUtAc/xB2KsqxHj3ORjhh9iGH+ezhmuyks=' 'nonce-qxbfbxjinwnnda';script-src-elem 'self' https://connect.facebook.net https://am.yahoo.co.jp https://b99.yahoo.co.jp https://www.google-analytics.com assets.adobedtm.com https://www.googletagmanager.com http://hm.mieru-ca.com https://hpjp.mieru-ca.com https://www.everestjs.net https://s.yimg.jp http://aigjapan.sc.omtrdc.net https://www.youtube.com 'sha256-dMIRRtml3Oi21Iaq03PtC+8mIuBozHki1nfF3K1YXgw=' 'sha256-Yw3/67WDFoT7czVF2RALaOaLaRtweKwjgMzcHEb7oIs=' 'sha256-+/WzJIUpU+5NsHuQGBp2n0iZvi5LUQ0h8K/qrDy2YJQ=' 'sha256-T4GdVguKtoAY/4wetSihwnlAEpUpN0SBr64TOJa8NU0=' 'sha256-KIDFo1cCsPZjm0CKg+wI3amz1hzD9mNUJ2+4AGHa3uU=' 'sha256-LBsTTQlX5+H68ly1EZvOY6Z9bHzQqntXIpb70r7UJis=' 'sha256-U/nEWHrEPshKXL66+Ph2p6sLJqyHx9w9Sjv8K1Ya0zU=' 'sha256-BcF795XkHI9YEs7DNkb2Auwhmzf0SqcdlO/cXV17POc=' 'sha256-cQonxShNT1IfSfxwOOa2GnQjv3H9iqQdPYmUrW6Tl9w=' 'sha256-Dsxt1/qoUZUtAc/xB2KsqxHj3ORjhh9iGH+ezhmuyks=' 'nonce-qxbfbxjinwnnda'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: na-data.kameleoon.io 1.b406929acabac9b095f124c81bdfcf57f.com www.mercurycards.com *.amazon-adsystem.com *.qualtrics.com *.ads-twitter.com adservice.google.com pixel.locker2.com bcdn-god.we-stats.com *.gstatic.com thefontzone.com consent.api.osano.com staticimages.mercurycards.com 1.a79ab95c1589a13f8a4cab612bc71f9f7.com t.co edge.fullstory.com mpsnare.iesnare.com logs.mercurycards.com *.googleusercontent.com www.google-analytics.com *.okta.com *.doubleclick.net newassets.hcaptcha.com images.ctfassets.net go.mercurycards.com rs.fullstory.com wss://mpsnare.iesnare.com 1.c81358859121583b7adf2ace89cb39f44.com cdn.contentful.com flex.cybersource.com *.kameleoon.eu *.twitter.com *.licdn.com hcaptcha.com www.googletagmanager.com wup.mercurycards.com tattle.api.osano.com cmp.osano.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-IranB1_7VEso130yZ8TmXw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://logs-01.loggly.com/inputs/4e92d8a9-baa6-4559-82e2-05428d10fa7b/tag/csp; report-to default 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' https://*qualtrics.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://googletagmanager.com maps.googleapis.com https://flex.cybersource.com https://maps.google.com http://localhost:35729; style-src 'self' 'report-sample' blob: 'unsafe-inline'; object-src 'none'; frame-src 'self' www.googletagmanager.com maps.google.com maps.googleapis.com https://*.cybersource.com; child-src 'self' www.googletagmanager.com; img-src 'self' data: blob: www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com www.googletagmanager.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com; font-src 'self' data: https://flex.cybersource.com https://testflex.cybersource.com; connect-src 'self' https://*qualtrics.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com maps.googleapis.com maps.google.com ws://localhost:35729/livereload; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.googleapis.com *.shopogen.ro *.carrefour.ro carrefour.ro *.google.com www.googletagmanager.com *.googletagmanager.com facebook.com *.prefixbox.com *.tiktok.com *.jsdelivr.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.instagram.com *.carrefour.ro carrefour.ro facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.googletagmanager.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com *.cookiebot.com *.google.com *.carrefour.ro carrefour.ro *.krxd.net *.hotjar.com *.jsdelivr.net *.btdirect.ro *.tiktok.com *.prefixbox.com facebook.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com 'self' data: *.googletagmanager.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com blob: *.3lift.com *.adnxs.com *.adsrvr.org *.bluekai.com *.casalemedia.com *.ck-ie.com *.contextweb.com *.dotomi.com *.flavedo.io *.flix360.com *.flix360.io *.flixcar.com *.google.ro *.google-analytics.com *.googleadservices.com *.kargo.com *.lijit.com *.mediaplex.com *.openx.net *.paypal.com *.pubmatic.com *.rlcdn.com *.rubiconproject.com servedbyadbutler.com *.sharethrough.com *.shopogen.ro *.stickyadstv.com *.tremorhub.com *.yahoo.com *.carrefour.ro carrefour.ro facebook.com *.krxd.net *.google.com www.googletagmanager.com *.tiktok.com *.prefixbox.com *.jsdelivr.net *.newrelic.com bam.eu01.nr-data.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.cookiebot.com *.dotomi.com *.flix360.com *.flix360.io *.flixcar.com *.flixfacts.com *.googleapis.com *.instagram.com *.jsdelivr.net *.newrelic.com *.paypal.com *.pingdom.net servedbyadbutler.com *.shopogen.ro *.carrefour.ro carrefour.ro chimpstatic.com www.googletagmanager.com *.krxd.net *.prefixbox.com *.tiktok.com *.cookielaw.org *.hotjar.com facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.shopogen.ro *.twitter.com *.typekit.net *.carrefour.ro carrefour.ro *.jsdelivr.net *.prefixbox.com *.tiktok.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.citrusad.com *.doubleclick.net *.flix360.io *.flixcar.com *.googleapis.com *.googlesyndication.com *.instagram.com *.onetrust.com *.paypal.com *.pingdom.net *.shopogen.ro *.carrefour.ro carrefour.ro *.cookielaw.org *.krxd.net *.hotjar.com *.jsdelivr.net *.prefixbox.com *.newrelic.com bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.iyzipay.com *.gstatic.com *.cloudfront.net *.checkout.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.paypal.com *.tradedoubler.com *.brightcove.net *.gocredit.co.il *.demdex.net *.teads.tv *.euw2.pure.cloud 'self' 'unsafe-inline';img-src *.dyson.co.uk *.assetsadobe.com *.adform.net *.boldchat.com *.bazaarvoice.com *.paypalobjects.com *.paypal.com *.demdex.net *.everesttech.net *.googletagmanager.com *.boltdns.net *.brightcove.com *.teads.tv *.facebook.com *.doubleclick.net *.facebook.com *.google.co.in *.google.com *.dyson.co.il *.afterpay.com *.nagich.com *.omtrdc.net *.euw2.pure.cloud *.assetsadobe2.com *.amazonaws.com *.adobe.com *.google-analytics.com *.riskified.com data: 'self' 'unsafe-inline';script-src https://mt.adobe.launch.script.test.js *.tamara.co *.paypal.com *.paypalobjects.com *.amazonaws.com *.channeladvisor.com *.zencdn.net *.zip.co *.zipmoney.com.au *.salecycle.com *.teads.tv *.brightcove.net *.facebook.net *.googletagmanager.com *.afterpay.com *.nagich.com *.go-mpulse.net *.queue-it.net *.boldchat.com *.newrelic.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.bazaarvoice.com *.optimizely.com *.nr-data.net *.newrelic.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline' 'unsafe-eval';style-src *.gstatic.com *.checkout.com *.nagich.com *.googleapis.com *.optimizely.com 'self' 'unsafe-inline';object-src *.euw2.pure.cloud 'self' 'unsafe-inline';child-src *.euw2.pure.cloud blob: 'self' 'unsafe-inline';media-src *.dyson.com *.s3.amazonaws.com *.assetsadobe.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src *.bazaarvoice.com *.boldchat.com *.paypal.com *.akstat.io *.akamaihd.net *.boltdns.net *.brightcove.com *.cloudfront.net *.teads.tv *.demdex.net *.doubleclick.net *.dyson.co.il *.google-analytics.com *.google.com *.googleadservices.com *.go-mpulse.net *.nagich.com *.omtrdc.net *.nr-data.net *.amazonaws.com *.newrelic.com *.euw2.pure.cloud 'self' 'unsafe-inline';base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src  'self' https:       'unsafe-inline' 'unsafe-eval'; style-src   'self' https:       'unsafe-inline'; font-src    'self' https: data: 'unsafe-inline'; img-src     'self' https: data:; connect-src 'self' https:; frame-src   'self' https://*.vipleiloes.com.br https://*.provedor.space https://streaming01.vplpar.com:5443; media-src   'self' https:; form-action 'self' https:; base-uri    'self'; frame-ancestors 'self' https://*.vipleiloes.com.br https://streaming01.vplpar.com:5443; object-src  'none'; 1
font-src *.klarnacdn.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.braintreegateway.com *.typekit.net *.kaptcha.com *.creativecdn.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://cdn.clerk.io *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.magentocommerce.com *.facebook.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io *.klarnacdn.net *.klarnaservices.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.googletagmanager.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://api.clerk.io https://cdn.clerk.io *.klarnacdn.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.typekit.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.slgnt.eu *.syteapi.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=cfUHbe1BoBHdHI3zSfzXHR08TWQOaNZOmvgfqRnzE4k-1721958613-1.0.1.1-C7Z6cOGtO41iVNSS.550wxMudSrUkmgJa64Cb3MqqKWBRRjVQ7XkZeE5aFnmcfqeS6qV5oXcO0lVdqiq.ItIoZGRqVZZ_vo8Wb3DskjSfWDvweShbpffYanZlv0nADHDGQSWWTo.NsmmmmCzHmO5xzamXCewk03pUphQh8JoGFMLdN2V6UZFC6dnlMMG06bS4zBD8HFHiH2m6Gr4DoSxfA; report-to cf-ptrphaekqxwwzhoo 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-af8fb15a3666466dab29ff280f1bc9c6' https://www.myconnectnyc.org 'self';img-src https://* 'self' blob: data:;style-src https://www.myconnectnyc.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-bhqmChpjpCCiQX0r_aL44Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-0AZifAT37c_bmSR3H2eukQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-yjAIUmhS1s8fz_HuYHbQ7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://5b0dfxfhuka0vuk5ju0see3i.httpschecker.net/report 1
font-src *.gstatic.com data: *.fontawesome.com *.alothemes.com *.magepow.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com www.northcom.se www.google.lv www.google.se www.google.dk www.google.no www.google.fi mcstaging.canac.ca canac.ca www.canac.ca www.facebook.com t.ofsys.com *.clarity.ms www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.alothemes.com *.magepow.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com connect.facebook.net s.pinimg.com ct.pinterest.com sdk.privacy-center.org t.ofsys.com *.clarity.ms js-agent.newrelic.com aq.flippenterprise.net 'self' js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.avada.io *.alothemes.com *.magepow.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.alothemes.com *.magepow.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com stats.g.doubleclick.net *.analytics.google.com ct.pinterest.com *.clarity.ms bam.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-3043055afa2c45e9aabaec75aa52fe69' https://mywvuchart.com 'self';img-src https://* 'self' blob: data:;style-src https://mywvuchart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-XYe_8gbnVnqIW9Q4mQzebw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-1af7a04c99ce40e68e07cf923206ef30' https://mybeaumontchart.com 'self';img-src https://* 'self' blob: data:;style-src https://mybeaumontchart.com 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-hwML2-g4VJ_TMo-FVavcxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jeWbRyKd-q4SnhVOHM3WRA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-n-qa1FPvHJlH13TO4mMJcg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xXEoiPwdC1nP94XAjnIeXQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-hTNieh_ULFNyUkNmGPnl8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6gZExecyjJJ37qNK8oDXxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wU-LQAnCpzeSAUh3XBkqMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: assets.adobedtm.com cdn.equalweb.com *.googleapis.com www.google.com *.2o7.net platform-api.sharethis.com cdn.krxd.net resources.digital-cloud-west.medallia.com c.ltmsphrcl.net data.stbuttons.click *.gstatic.com sync.sharethis.com *.demdex.net udc-neb.kampyle.com analytics.google.com t.sharethis.com platform-cdn.sharethis.com www.google-analytics.com *.omtrdc.net *.everesttech.net bcp.crwdcntrl.net www.everestjs.net buttons-config.sharethis.com www.calcxml.com l.sharethis.com *.doubleclick.net www.googletagmanager.com *.mathtag.com www.youtube.com cdn.polyfill.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: s3-us-west-2.amazonaws.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-Jj_xpse9ZBD9XmyXGHTCyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5YyyWvPm1LumOSqfIpHfPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bTNaWSgwCbLqurxI0DqU2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HtjdhhikNhtiZXzrDec4Tw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-NDfIZuXAxTmNqCmjGqqehw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-M5GQWWw_WDFLM6GSTmvpBw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; frame-ancestors 'self'; font-src data: https://doublethedonation.com https://fonts.gstatic.com https://fonts.googleapis.com *.tiltify.com assets.tiltify.com site-assets.tiltify.com; img-src 'self' data: *.medium.com https://unsplash.it https://doublethedonation.com assets.tiltify.com site-assets.tiltify.com https://assets.tiltify.com *.bonfireassets.com *.paypal.com https://www.paypalobjects.com https://www.google-analytics.com https://static-cdn.jtvnw.net *.yt-img.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://doublethedonation.com https://js.stripe.com *.tiltify.com assets.tiltify.com site-assets.tiltify.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com *.paypal.com https://www.paypalobjects.com https://connect.facebook.net https://static-na.payments-amazon.com https://widget.freshworks.com; style-src 'self' 'unsafe-inline' *.tiltify.com assets.tiltify.com site-assets.tiltify.com https://doublethedonation.com https://fonts.googleapis.com https://widget.freshworks.com; connect-src 'self' *.amazon.com https://doublethedonation.com  *.googleapis.com *.tiltify.com tiltify.com assets.tiltify.com site-assets.tiltify.com wss://websockets.tiltify.com https://locale.tiltify.com https://sentry.io https://api.stripe.com https://cdn.optimizely.com https://www.google-analytics.com https://widget.freshworks.com *.paypal.com; frame-src 'self' https://rumble.com *.amazon.com *.payments-amazon.com *.facebook.com *.twitch.tv https://js.stripe.com https://hooks.stripe.com https://player.twitch.tv https://www.google.com https://www.youtube.com *.paypal.com https://www.paypalobjects.com; manifest-src *.tiltify.com site-assets.tiltify.com https://assets.tiltify.com 1
font-src fonts.gstatic.com use.typekit.net *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com https://fonts.gstatic.com yotpo-stool.s3.amazonaws.com *.cloudflare.com *.googleapis.com www.google-analytics.com *.gstatic.com *.twitter.com *.typekit.net *.twimg.com *.yotpo.com 'self' data: *.bounceexchange.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bounceexchange.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com *.barbour.com *.jbs-uat.com admin.barbour.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com *.adyen.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.youtube.com *.hotjar.com *.hotjar.io *.vimeo.com *.google.com *.paypal.com *.bounceexchange.com *.doubleclick.net *.pinterest.com *.facebook.com *.yotpo.com *.addthis.com *.dotmailer-surveys.com *.barbour.com *.jbs-uat.com admin.barbour.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com p.typekit.net s.ytimg.com *.adyen.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.by *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.postcodeanywhere.co.uk *.cloudflare.com *.google.com *.google.co.uk maps.gstatic.com *.googleadservices.com *.googleapis.com *.yotpo.com yotpo-stool.s3.amazonaws.com https://yotpo-editor-production.s3.amazonaws.com *.doubleclick.net *.curalate.com wf1.mywebdata.co.uk *.bounceexchange.com *.bouncex.net *.paypal.com *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net *.klarna.com *.twitter.com *.twimg.com *.lightemporium.com *.usercentrics.eu *.barbour.com *.jbs-uat.com admin.barbour.com *.pinterest.com *.unpkg.com *.qubitproducts.com *.qubit.com *.gstatic.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.youtube.com *.adyen.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com https://ct.pinterest.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.postcodeanywhere.co.uk *.bugherd.com *.cloudflare.com *.pcapredict.com acsbapp.com *.cloudflareinsights.com analytics.tiktok.com *.google.com *.gstatic.com *.google-analytics.com *.twimg.com *.paypal.com *.googletagmanager.com *.googleapis.com *.twitter.com *.yotpo.com js-agent.newrelic.com *.nr-data.net *.doubleclick.net *.hotjar.com *.hotjar.io www.bugherd.com *.iubenda.com *.iesnare.com *.newrelic.com s.pinimg.com wf1.mywebdata.co.uk *.pingdom.net *.bounceexchange.com *.curalate.com *.goqubit.com js.facebook.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.addthis.com *.moatads.com *.addthisedge.com *.dotmailer-surveys.com *.klarnaservices.com *.barbour.com *.jbs-uat.com admin.barbour.com 'unsafe-inline' data: *.bing.com *.wknd.ai https://www.googletagmanager.com tagmanager.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com https://fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com 'unsafe-inline' data: *.twitter.com *.typekit.net *.yotpo.com *.twimg.com *.postcodeanywhere.co.uk *.bounceexchange.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klarnacdn.net *.barbour.com *.jbs-uat.com admin.barbour.com *.unpkg.com *.qubitproducts.com tagmanager.google.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.iesnare.com *.cdnwidget.com *.barbour.com *.jbs-uat.com admin.barbour.com *.pinterest.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com *.adobe.io performance.typekit.net *.adyen.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com https://maps.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.postcodeanywhere.co.uk *.acsbapp.com *.cloudflare.com *.google-analytics.com *.google.com *.googlesyndication.com *.twitter.com *.paypal.com *.twimg.com *.yotpo.com *.nr-data.net *.doubleclick.net analytics.tiktok.com *.hotjar.com *.hotjar.io wss://mpsnare.iesnare.com *.mpsnare.iesnare.com *.iubenda.com *.curalate.com *.qubit.com *.pingdom.net *.qubitproducts.com *.pinterest.com *.facebook.com *.barbour.com *.jbs-uat.com admin.barbour.com *.unpkg.com *.bouncex.net *.bounceexchange.com *.cdnwidget.com *.cdnbasket.net https://www.google-analytics.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com *.bounceexchange.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-4-1YgndNQTp3EjpV7360Ww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Ndiu8Ro-poXyXPQSspKUgw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' blob: *.senado.gov.br *.senado.leg.br;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.senado.gov.br *.senado.leg.br *.youtube.com *.google-analytics.com www.googletagmanager.com vlibras.gov.br ajax.googleapis.com www.gstatic.com;img-src 'self' data: blob: *.senado.gov.br *.senado.leg.br *.ytimg.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.gstatic.com vlibras.gov.br;connect-src 'self' *.senado.gov.br *.senado.leg.br vlibras.gov.br *.vlibras.gov.br www.google-analytics.com www.googletagmanager.com;font-src 'self' data: vlibras.gov.br cdnjs.cloudflare.com fonts.gstatic.com;style-src 'self' 'unsafe-inline' *.senado.gov.br *.senado.leg.br cdnjs.cloudflare.com fonts.googleapis.com;worker-src blob: *.senado.leg.br *.senado.gov.br;object-src 'none';frame-src 'self' *.senado.gov.br *.senado.leg.br *.youtube.com www.youtube-nocookie.com;base-uri 'self';frame-ancestors 'self' *.senado.gov.br *.senado.leg.br 1
object-src 'none';base-uri 'self';script-src 'nonce-EVtCDa2LcLEfItGVt4yUQA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xZZFjYp0d-Y1abOe1hLskA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jZWR_D1pd4zooZkAx-zUnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dZqcKec4yfgJeEOGw7tffg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-fROqs9t5Fld58fOZpejYOg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com s.yimg.jp https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googleoptimize.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms s.yimg.jp ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com s.yimg.jp https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com https://pagead2.googlesyndication.com https://*.clarity.ms s.yimg.jp https://collect.worldoftanks.asia https://content-wg.gcdn.co https://api.worldoftanks.asia ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
object-src 'none';base-uri 'self';script-src 'nonce-T-e0lgZQDsopqtTKs4zNow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2It-rFu6TBx2vvQdrzsh8g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net cdn.jsdelivr.net cdn.almapay.com *.klarnacdn.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.getalma.eu connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.klarna.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com https://static.afterpay.com https://site-assets.afterpay.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ * data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com cdn.jsdelivr.net connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io * *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com cdn.jsdelivr.net static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com * *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.getalma.eu connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io * *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ug9jhuT9BfHPxPxFVpfDjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eWVgrx0G5-1BNxNkQYTXWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.drmax-gl.dev *.drmax-gl.space *.drmax-sk.space *.drmax.net *.drmax.sk *.drmax.zone *.drmax-gl.live *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.sentry.io *.twitter.com api.luigisbox.com bam.eu01.nr-data.net bat.bing.com cdn.evgnet.com cdn.jsdelivr.net cdn.speedcurve.com cdn-4.convertexperiments.com cdp.drmaxsk.meiro.io cj.dotomi.com consent.cookiebot.com consentcdn.cookiebot.com ct.pinterest.com drmaxbdcsro.germany-2.evergage.com drmaxsvkepmhub.azurewebsites.net drmaxsvkepmhubtest.azurewebsites.net dynamic.criteo.com fledge.eu.criteo.com fonts.gstatic.com googleads.g.doubleclick.net gum.criteo.com im9.cz image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space inres.uspech.sk insights.algolia.io js-agent.newrelic.com manager.eu.smartlook.cloud measurement-api.criteo.com pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space rec.smartlook.com rtp.persoo.ai s.pinimg.com s2.adform.net scripts.persoo.cz search-service.drmax-gl.space sslwidget.criteo.com static.cloudflareinsights.com static.criteo.net stats.g.doubleclick.net td.doubleclick.net track.adform.net unpkg.com webchat.drmax.sk www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.kdukvh.com www.recaptcha.net www.redditstatic.com www.youtube-nocookie.com www.youtube.com ; report-to csp-endpoint; report-uri /_cspreports; img-src * data:; 1
object-src 'none';base-uri 'self';script-src 'nonce-CPTpzks-JbqlNb8rGicASA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xJCoaBUB1MNRNHknxPODAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-o2VkRVIRiU4qZuFFomrx9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5m8iVxWDRDK9IYMFNr7bwA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://*.epic.com https://*.geisinger.edu https://*.geisinger.org https://*.mycarecompass.edu https://*.mycarecompass.org https://*.mygeisinger.org https://geisinger.org https://www.geisinger.org;frame-src https://* 'self' epichttp: https://*.geisinger.edu;script-src https://mychart.mycarecompass.org 'self' 'unsafe-eval' 'unsafe-inline' https://*.geisinger.edu https://*.geisinger.org https://*.google.com https://*.googleapis.com https://*.gyantts.com https://*.jquery.com https://*.mycarecompass.org https://*.virtualearth.net https://ajax.microsoft.com https://mycarecompass.org https://twemoji.maxcdn.com https://unpkg.com https://www.gstatic.com;img-src https://* 'self' blob: data:;connect-src 'self' https://*.amazonaws.com https://*.gyantts.com wss://web.production.gyantts.com wss://web2.dev.gyantts.com wss://web2.production.gyantts.com;style-src https://mychart.mycarecompass.org 'self' 'unsafe-inline' https://*.geisinger.edu https://*.geisinger.org https://*.gyantts.com https://*.mycarecompass.org https://mycarecompass.org https://s3.amazonaws.com;worker-src 'self' blob:;child-src 'self' blob:;font-src 'self' https://*.gyantts.com https://s3.amazonaws.com;form-action 'self';media-src https://* 'self' blob:; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: adservice.google.com *.gstatic.com www.moncompteformation.gouv.fr static.piste.gouv.fr sdc-dfc.caissedesdepots.fr try.abtasty.com www.googletagmanager.com widgets.abtasty.com *.doubleclick.net *.googleapis.com dcinfos-cache.abtasty.com ariane.abtasty.com sdc.caissedesdepots.fr auth.franceconnect.gouv.fr ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-LtW6n-kPBii42SPb696bFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.facebook.com https://*.aralego.com https://*.brightcove.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.tappaysdk.com google.com *.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.tappaysdk.com google.com *.google.com https://*.criteo.com www.facebook.com https://*.decathlon.tw https://*.aralego.com https://*.brightcove.net https://*.digital-cloud-west.medallia.com https://*.kampyle.com *.freshworks.com *.freshchat.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://mas.astralweb.com.tw www.gstatic.com https://*.google.com https://*.google.com.tw https://*.facebook.com https://*.bing.com https://*.mediadecathlon.com https://*.decathlon.tw https://*.aralego.com https://*.aralego.net https://*.g.doubleclick.net https://*.awoo.org http://*.brightcove.net https://*.digital-cloud-west.medallia.com https://*.kampyle.com/ https://*.brightcove.com https://*.brightcove.net http://*.boltdns.net/ http://*.brightcove.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.tappaysdk.com google.com *.google.com https://*.google.com https://*.facebook.net https://*.g.doubleclick.net https://*.criteo.com http://*.criteo.com http://*.criteo.net https://deploy.mopinion.com https://*.bing.com https://try.abtasty.com https://www.clarity.ms https://*.abtasty.com https://*.googleapis.com https://*.mediadecathlon.com https://*.decathlon.tw https://*.aralego.com https://*.newrelic.com https://*.nr-data.net https://*.awoo.org https://*.brightcove.net https://*.digital-cloud-west.medallia.com https://*.kampyle.com https://vjs.zencdn.net https://*.brightcove.com http://*.brightcove.com *.freshworks.com *.freshchat.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.tappaysdk.com google.com *.google.com *.freshworks.com *.freshchat.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://*.brightcove.com http://*.brightcove.net https://*.brightcove.com https://*.brightcove.net 'self' 'unsafe-inline'; manifest-src *.tappaysdk.com google.com *.google.com *.freshworks.com *.freshchat.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.tappaysdk.com google.com *.google.com https://analytics.google.com https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net https://*.criteo.com https://deploy.mopinion.com http://deploy.mopinion.com https://*.google.com https://*.google.com.tw https://b.clarity.ms https://*.abtasty.com https://*.decathlon.tw https://*.aralego.com https://*.nr-data.net https://*.awoo.org http://*.brightcove.net https://*.digital-cloud-west.medallia.com https://*.kampyle.com https://*.brightcove.com http://*.boltdns.net http://*.akamaihd.net http://*.brightcove.com https://*.brightcove.net *.freshworks.com *.freshchat.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; frame-ancestors 'none'; connect-src 'self' www.ntppool.org st.ntppool.org 8ll7xvh0qt1p.statuspage.io; font-src fonts.gstatic.com; form-action 'self' mailform.ntppool.org checkout.stripe.com; img-src 'self' st.ntppool.org st.pimg.net news.ntppool.org *.mapper.ntppool.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.statuspage.io st.ntppool.org st.pimg.net news.ntppool.org www.mapper.ntppool.org js.stripe.com; style-src 'self' fonts.googleapis.com st.ntppool.org st.pimg.net news.ntppool.org; report-uri https://ntppool.report-uri.com/r/t/csp/wizard 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com https://fonts.gstatic.com https://ws.colissimo.fr *.sagepay.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.getalma.eu *.weltpixel.com *.sagepay.com *.dotdigital-pages.com *.dotdigital.com *.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.afd.co.uk https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://www.magezon.com *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.trackedlink.net 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.afd.co.uk cdn.jsdelivr.net jquery.sellxed.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com widget.proximis.com *.sagepay.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://cdnjs.cloudflare.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.sagepay.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com pce.afd.co.uk *.getalma.eu https://nominatim.openstreetmap.org *.paypal.com *.sagepay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'none'; report-uri https://13fc2e96c75baedc98bc60c37c2c93be.report-uri.com/r/d/csp/wizard; script-src 'strict-dynamic' 'nonce-E5Rsc8QMi7mMZg/bBhhW8A=='; 1
script-src 'nonce-FJeGFppGKTaIyZQS47C3nw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' oqvestir.com.br *.oqvestir.com.br oqvestir.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.g.doubleclick.net *.doubleclick.net oqvestir.fbitsstatic.net *.criteo.com *.clarity.ms capig.shop2gether.com.br q.clarity.ms static.criteo.net clarity.ms sslwidget.criteo.com dynamic.criteo.com googleads.g.doubleclick.net gum.criteo.com bat.bing.com google.com.br googleadservices.com tags.creativecdn.com apigate.shop2gether.com.br o.clarity.ms *.creativecdn.com *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com *.pagseguro.com.br *.*.pagseguro.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.oqvestir.com.br oqvestir.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
policy 1
object-src 'none';base-uri 'self';script-src 'nonce-MHG2R-Ev-hMQS6VuNI8wGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' https://www.google-analytics.com *.google-analytics.com *.doubleclick.net *.analytics.google.com *.googletagmanager.com https://www.google.fi https://bam.nr-data.net *.bing.com wss://*.bing.com *.clarity.ms https://www.facebook.com https://locationservice.posti.com *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net *.swogo.net *.zdassets.com *.zopim.com *.zendesk.com wss://*.zopim.com *.sync.ksync.fi *.ksync.k-rauta.fi inpref.com *.inpref.com https://d2wzl9lnvjz3bh.cloudfront.net *.via.placeholder.com *.google.com *.google.se *.google.no *.google.fr *.google.co.uk *.google.ru *.google.de *.google.es *.google.dk *.google.nl https://survey.feedbackly.com *.sync.kesko.fi https://js.testfreaks.com *.optimizely.com; img-src 'self' data: *.keskofiles.com http://public-qa.keskofiles.com *.imgix.net https://www.google-analytics.com https://www.googletagmanager.com *.googletagmanager.com https://ssl.gstatic.com *.doubleclick.net https://www.gstatic.com https://www.google.se https://www.google.fi https://www.google.com *.analytics.google.com images.contentful.com images.ctfassets.net https://keskoanalytics.s3.eu-central-1.amazonaws.com https://maps.googleapis.com *.bing.com *.microsoft.com https://www.facebook.com https://img.youtube.com *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net https://giosg-chat-public-eu.s3.amazonaws.com *.ytimg.com *.videoly.co *.wistia.com *.wistia.net *.swogo.net https://optimize.google.com *.googleoptimize.com *.zdassets.com *.zopim.io *.sync.ksync.fi *.via.placeholder.com *.vumbnail.com *.sync.kesko.fi *.images.testfreaks.com; manifest-src 'self'; font-src 'self' https://fonts.gstatic.com 'unsafe-inline' data: *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net *.swogo.net *.cloudfront.net *.googleoptimize.com *.sync.ksync.fi https://sync.kesko.fi; frame-src 'self' *.doubleclick.net *.youtube.com *.youtu.be https://utm.keskoanalytics.com/ https://keskoanalytics.s3.eu-central-1.amazonaws.com sdx.microsoft.com https://www.facebook.com https://plussa.com/ https://www.plussa.com https://www.prkk.fi https://games.kesko.fi https://www.kromo.eu *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net *.kesko.fi http://krauta-fi.stage.rautakesko.episerverhosting.com *.stage.rautakesko.episerverhosting.com *.prod.rautakesko.episerverhosting.com *.thinglink.com https://optimize.google.com *.googleoptimize.com *.sync.ksync.fi https://sync.ksync.fi https://widget.trustpilot.com *.vimeo.com *.optimizely.com; style-src 'self' 'unsafe-inline' blob: https://tagmanager.google.com https://fonts.googleapis.com *.analytics.google.com *.googletagmanager.com https://keskoanalytics.s3.eu-central-1.amazonaws.com *.bing.com *.giosg.com *.cloudfront.net https://optimize.google.com *.googleoptimize.com https://sync.kesko.fi; script-src 'self' 'unsafe-inline' *.keskofiles.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com http://tagmanager.google.com *.doubleclick.net https://www.googleadservices.com *.analytics.google.com *.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://keskoanalytics.s3.eu-central-1.amazonaws.com https://scjc708q0d.execute-api.eu-west-1.amazonaws.com https://bat.bing.com https://r.bing.com https://connect.facebook.net *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net 'unsafe-eval' *.videoly.co *.swogo.net *.cloudfront.net https://optimize.google.com www.googleoptimize.com *.googleoptimize.com *.zdassets.com *.zopim.com *.zendesk.com *.kesko.fi *.kesko.se *.sync.ksync.fi inpref.com *.inpref.com https://d2wzl9lnvjz3bh.cloudfront.net fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.k-rauta.fi https://widget.trustpilot.com https://sync.kesko.fi *.r.testfreaks.com https://js.testfreaks.com https://cr.testfreaks.com https://code.jquery.com https://scandit.com https://ssl.scandit.com; style-src-elem 'self' 'unsafe-inline' https://optimize.google.com *.googleoptimize.com *.sync.ksync.fi *.k-rauta.fi https://sync.kesko.fi; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com *.googletagmanager.com https://ssl.gstatic.com *.doubleclick.net https://www.gstatic.com https://www.google.se https://www.google.fi https://www.google.com *.analytics.google.com *.bing.com *.clarity.ms https://connect.facebook.net *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net *.videoly.co *.swogo.net *.cloudfront.net https://optimize.google.com *.googleoptimize.com *.zdassets.com *.zopim.com *.zendesk.com *.k-rauta.fi https://widget.trustpilot.com https://survey.feedbackly.com https://sync.kesko.fi *.r.testfreaks.com https://js.testfreaks.com https://cr.testfreaks.com https://code.jquery.com *.optimizely.com; media-src videos.contentful.com videos.ctfassets.net *.zdassets.com; default-src *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net; frame-ancestors *.k-rauta.fi; report-uri https://www.k-rauta.fi/csp-report; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am *.bancochile.cl *.cathaybk.com.tw *.soldo.com *.capitecbank.co.za *.mbank.sk *.starlingbank.com *.hitrust-us.com:9750 *.enginebystarling.net *.cardinalcommerce.com:* *.id.mastercard.bunq.com *.santander.cl *.secureacs.com *.bog.ge *.consorsbank.de *.ing.de *.icbc.com.cn *.hsbc.co.id *.rpc-raiffeisen.com:* *.stcpay.com.sa *.3dsecure-atruvia.de *.hu.bpcbt.com *.a-bank.com.ua *.ipakyulibank.uz:* bezpecne-platby.rb.cz *.bezpecne-platby.rb.cz *.santander.com.br *.2c2p.com:* *.asseco-see.hr:* particuliers.sg.fr *.particuliers.sg.fr *.bccard.com *.petafuel.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.cardinalcommerce.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am *.bancochile.cl *.cathaybk.com.tw *.soldo.com *.capitecbank.co.za *.mbank.sk *.starlingbank.com *.hitrust-us.com:9750 *.enginebystarling.net *.cardinalcommerce.com:* *.id.mastercard.bunq.com *.santander.cl *.secureacs.com *.bog.ge *.consorsbank.de *.ing.de *.icbc.com.cn *.hsbc.co.id *.rpc-raiffeisen.com:* *.stcpay.com.sa *.3dsecure-atruvia.de *.hu.bpcbt.com *.a-bank.com.ua *.ipakyulibank.uz:* bezpecne-platby.rb.cz *.bezpecne-platby.rb.cz *.santander.com.br *.2c2p.com:* *.asseco-see.hr:* particuliers.sg.fr *.particuliers.sg.fr *.bccard.com *.petafuel.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.sharethis.com *.trackedlink.net *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com cdns.eu1.gigya.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com myp3-cdc-global.mypanini.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.panini.it/shp_ita_it/webformat_csptools/report/; 1
default-src 'none'; connect-src 'self' https://stats.utrecht.nl https://cdn-eu.readspeaker.com https://chatapi.obi4wan.com/api https://cloudstatic.obi4wan.com https://cloudstatic.obi4wan.com/api https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl/socket.io/ wss://ws-eu.pusher.com/app https://openforms-pdv.cg-intern.ont.utrecht.nl; font-src 'self' https://openforms-pdv.cg-intern.ont.utrecht.nl data:; form-action 'self' https://action.spike.email https://www.utrecht.nl; frame-src 'self' https://sketchfab.com https://utrecht-kaarten-review-acc-skda4g.delta10-review.nl https://atlas-utrecht.delta10-review.nl https://e.infogram.com https://www.utrecht.nl https://www.youtube-nocookie.com https://naardebasisschool.utrecht.onatlas.nl; img-src 'self' https://www.utrecht.nl data: https://virtuele-gemeente-assistent.nl https://*.siteimproveanalytics.io https://www.toegankelijkheidsverklaring.nl ; media-src ; script-src 'self' https://cdn-eu.readspeaker.com https://stats.utrecht.nl https://www.utrecht.nl https://redactie-acceptatie.utrecht.nl https://virtuele-gemeente-assistent.nl https://public.pandosearch.com https://siteimproveanalytics.com https://openforms-pdv.cg-intern.ont.utrecht.nl https://cloudstatic.obi4wan.com https://search.enrise.com https://e.infogram.com 'nonce-2DszJ6S5wukVGwpoF0t+hg=='; style-src https://cdn-eu.readspeaker.com https://www.utrecht.nl https://redactie-acceptatie.utrecht.nl https://test.utrecht.typocloud.nl https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl 'nonce-2DszJ6S5wukVGwpoF0t+hg==' https://openforms-pdv.cg-intern.ont.utrecht.nl; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-387b846a91434c6181d6f9470abb7065' https://www.mysanfordchart.org 'self';img-src https://* 'self' blob: data:;style-src https://www.mysanfordchart.org 'self' 'unsafe-inline' fonts.googleapis.com;worker-src 'self' blob:;child-src 'self' blob:;font-src 'self' fonts.googleapis.com fonts.gstatic.com;form-action 'self';media-src https://* 'self' blob:;report-uri https://csp-reporting.sanfordhealth.org/; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: sync.sharethis.com api.mercadolibre.com *.qualtrics.com *.doubleclick.net *.facebook.com *.facebook.net www.chopo.com.mx *.twitter.com www.googletagmanager.com *.googleapis.com ws.sharethis.com *.linkedin.com events.mercadopago.com *.crazyegg.com sdk.mercadopago.com *.clarity.ms google.com t.sharethis.com l.sharethis.com u.mitec.com.mx commerce.adobe.io *.licdn.com api.mercadopago.com bam.nr-data.net www.mercadolibre.com www.google-analytics.com *.ads-twitter.com unpkg.com www.google.com.mx js-agent.newrelic.com commerce.adobedc.net bcp.crwdcntrl.net analytics.google.com *.gstatic.com t.co cdnjs.cloudflare.com commerce.adobedtm.com magento-recs-sdk.adobe.net www.youtube.com platform-api.sharethis.com adservice.google.com http2.mlstatic.com cdn.jsdelivr.net www.google.com www.mercadopago.com.mx mcstaging.chopo.com.mx ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src https://*.gstatic.com https://fonts.gstatic.com https://widgets.xsellco.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com account.fetchify.com *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://*.gstatic.com *.sharethis.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com *.klarna.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ *.sharethis.com cc-cdn.com https://widgets.xsellco.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.sharethis.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' *.s3.eu-west-1.amazonaws.com api.locize.app *.cookiepro.com  *.hubspot.com forms.hscollectedforms.net forms.hsforms.com www.youtube.com www.youtube-nocookie.com i.ytimg.com https://api.atelierdeschefs.fr www.google.com apis.google.com *.googleapis.com *.kameleoon.io https://atelierdeschefs-prod-2700e.firebaseapp.com checkoutshopper-live.adyen.com *.cdn.adyen.com checkout.getalma.eu api.getalma.eu https://cdn.jsdelivr.net hooks.stripe.com geolocation.onetrust.com *.google-analytics.com connect.facebook.net www.facebook.com bat.bing.com googleads.g.doubleclick.net www.googleadservices.com *.google.com analytics.tiktok.com *.doubleclick.net *.wlp-acs.com *.monext.fr *.cic.fr *.creditmutuel.fr *.marqeta.com *.secure.lcl.fr 3ds.redsys.es vercel.live;    script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.usemessages.com track.hubspot.com js.hsleadflows.net www.googletagmanager.com *.cookiepro.com  www.youtube.com www.youtube-nocookie.com i.ytimg.com *.kameleoon.io www.google.com apis.google.com *.googleapis.com checkoutshopper-live.adyen.com *.cdn.adyen.com checkout.getalma.eu api.getalma.eu https://cdn.jsdelivr.net hooks.stripe.com geolocation.onetrust.com *.google-analytics.com connect.facebook.net www.facebook.com bat.bing.com googleads.g.doubleclick.net www.googleadservices.com *.google.com analytics.tiktok.com *.doubleclick.net *.wlp-acs.com *.monext.fr *.cic.fr *.creditmutuel.fr *.marqeta.com *.secure.lcl.fr 3ds.redsys.es vercel.live *.gstatic.com;    style-src 'self' 'unsafe-inline';    img-src 'self' blob: data: *.hubspot.com forms.hscollectedforms.net forms.hsforms.com *.cookiepro.com  www.googletagmanager.com www.youtube.com www.youtube-nocookie.com i.ytimg.com purecatamphetamine.github.io dxpulwm6xta2f.cloudfront.net d165zz1olxm90a.cloudfront.net *.s3.eu-west-1.amazonaws.com checkoutshopper-live.adyen.com *.cdn.adyen.com connect.facebook.net www.facebook.com bat.bing.com www.google-analytics.com googleads.g.doubleclick.net https://translate.google.com *.google.com *.google.ie *.google.fr *.google.be *.google.ca *.google.ch *.google.tn *.google.dz *.google.co.uk *.google.es *.google.lu *.google.de *.google.sn *.google.ci *.google.co.il *.google.mg *.google.it *.google.pt *.google.com.mx *.google.com.ma *.google.mu *.google.nl *.google.com.au *.google.com.br *.google.co.th *.google.co.ma *.google.cm *.google.ae *.google.co.jp *.google.cd *.google.com.lb *.google.ga *.google.ad *.google.co.nz *.google.sk *.google.com.tr *.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com *.google.com *.gstatic.com;    font-src 'self' data: fonts.atelierdeschefs.fr at.alicdn.com fonts.gstatic.com github.com;    object-src data:;    base-uri 'self';    form-action 'self' *.wlp-acs.com *.monext.fr *.cic.fr *.creditmutuel.fr *.marqeta.com *.secure.lcl.fr 3ds.redsys.es connect.facebook.net www.facebook.com;    frame-ancestors 'none';    frame-src connect.facebook.net www.facebook.com;    manifest-src 'self';    block-all-mixed-content;    report-uri csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubc9d6ee3ce79da61dcd985b50012b6709&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprod 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: click.prod.mplat-ppcprotect.com *.optimizely.com pclick.prod.mplat-ppcprotect.com *.cloudfront.net *.clarity.ms munchkin.marketo.net analytics.google.com wa-us.fundingcircle.com *.mktoresp.com otel-collector.fundingcircle.com static.fundingcircle.com *.doubleclick.net www.fundingcircle.com dataplane.rum.eu-west-1.amazonaws.com www.google.ie borrower-api.fundingcircle.com cdn-account.optimonk.com *.hotjar.com *.facebook.com assets-frontend.fundingcircle.com *.linkedin.com cdn.amplitude.com cdn-renderer.optimonk.com adservice.google.com content.hotjar.io *.gstatic.com cdn-asset.optimonk.com www.youtube.com *.marketo.com api.honeybadger.io www.consumersadvocate.org www.google.co.uk api.segment.io *.googleadservices.com app.pageproofer.com front.optimonk.com bat.bing.com api.amplitude.com region1.analytics.google.com www.googletagmanager.com cdn.jsdelivr.net api.eu.amplitude.com gs-cdn.optimonk.com wa.fundingcircle.com borrower-shared.fundingcircle.com cdn.segment.com www.google-analytics.com sts.eu-west-1.amazonaws.com *.trustpilot.com fc-auth-api.fundingcircle.com vc.hotjar.io w.usabilla.com cdn-custom.optimonk.com jfapiprod.optimonk.com *.googleapis.com flexipay-application-manager.fundingcircle.com *.onetrust.com api.neuro-id.com www.google.com *.googlesyndication.com eu-images.contentstack.com onsite.optimonk.com metrics.hotjar.io operation-diameter.fundingcircle.com *.mktoutil.com api.addressy.com api.cmp.inmobi.com cognito-identity.eu-west-1.amazonaws.com js.honeybadger.io *.facebook.net region1.google-analytics.com cmp.quantcast.com scripts.neuro-id.com *.licdn.com client.prod.mplat-ppcprotect.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: code.jquery.com ucm-us.verint-cdn.com app.swiftype.com www.google.com cdn3.userzoom.com *.licdn.com *.gstatic.com static.addtoany.com pm.geniusmonkey.com adservice.google.com t.co www.youtube.com www.google-analytics.com cdnjs.cloudflare.com *.crazyegg.com www.googletagmanager.com *.linkedin.com *.cap.org *.adnxs.com region1.analytics.google.com manifest.prod.boltdns.net www.google.com.br *.twitter.com *.mktoresp.com *.clarity.ms api.ipify.org *.googleadservices.com www.google.co.in rum-collector-2.pingdom.net wss://hoover.foresee.com munchkin.marketo.net edge.api.brightcove.com analytics.google.com *.akamaihd.net unpkg.com maxcdn.bootstrapcdn.com *.brightcove.net *.ads-twitter.com cf-images.us-east-1.prod.boltdns.net www.google.com.sa *.facebook.com rum-static.pingdom.net *.doubleclick.net vjs.zencdn.net metrics.brightcove.com *.facebook.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net https://magento.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://www.facebook.com/ https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://gum.criteo.com/ https://api.sunset.systems/ https://targeting.voxus.tv/ https://springmedia.go2cloud.org/ https://googleads.g.doubleclick.net/ https://www.google.com.br/ https://tpc.googlesyndication.com/ https://static.criteo.net/ https://td.doubleclick.net/ https://fledge.us.criteo.com/ https://www.googletagmanager.com/ https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://converse.com.br https://mcstaging.converse.com.br https://www.google.com.br https://conectiva.io https://s.ad.smaato.net https://simage2.pubmatic.com https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://x.bidswitch.net/ https://cm.g.doubleclick.net https://ib.adnxs.com/ https://secure.adnxs.com https://pixel.rubiconproject.com/ https://match.sharethrough.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com/ https://criteo-sync.teads.tv https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://tg.socdm.com/ https://visitor.omnitagjs.com https://gum.criteo.com https://r.casalemedia.com https://ads.stickyadstv.com https://ad.360yield.com https://matching.ivitrack.com https://i.liadm.com/ https://exchange.mediavine.com https://c.bing.com/ https://trends.revcontent.com https://criteo-partners.tremorhub.com/ https://contextual.media.net https://dis.criteo.com https://tags.bluekai.com https://cm.adgrx.com https://sync.outbrain.com https://bat.bing.com https://device.clearsale.com.br https://c.clarity.ms https://rsp.servername.net http://rsp.servername.net https://googleads.g.doubleclick.net/ http://www.googleadservices.com/ https://idsync.rlcdn.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com https://adobe.com/ www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net https://amcglobal.sc.omtrdc.net/ commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://adyen.com https://assets.adobedtm.com/ https://secure.authorize.net/ https://test.authorize.net/ https://js.braintreegateway.com/ https://unpkg.com/ https://commerce.adobedtm.com/ https://commerce.adobe.net/ https://use.typekit.net/ https://t.paypal.com https://magento-recs-sdk.adobe.net https://s.ytimg.com https://magento-ds.com http://www.facebook.com https://connect.facebook.net https://graph.facebook.com/ https://business.facebook.com/ https://google.com.br/ https://gstatic.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ http://www.paypal.com http://www.paypalobjects.com https://www.googleoptimize.com https://static.zdassets.com/ https://device.clearsale.com.br https://dynamic.criteo.com https://www.rtb123.com https://conectiva.io https://analytics.tiktok.com https://cdn.targeting.voxus.com.br https://app.cartstack.com.br https://bat.bing.com https://static.hotjar.com https://service.maxymiser.net https://googleads.g.doubleclick.net https://widget-mediator.zopim.com https://sslwidget.criteo.com https://www.clarity.ms https://targeting.voxus.com.br https://script.hotjar.com/ https://tpc.googlesyndication.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://adobe.com fonts.googleapis.com https://fonts.googleapis.com https://magento.com *.fontawesome.com https://gstatic.com https://use.typekit.net https://p.typekit.net *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io https://*.adyen.com https://dpm.demdex.net https://amcglobal.sc.omtrdc.net *.google-analytics.com https://commerce.adobedtm.com https://commerce.adobedc.net https://*.snplow.net https://api.magento.com https://*.adobe.io https://performance.typekit.net https://www.sandbox.paypal.com https://www.paypalobjects.com https://www.paypal.com https://pilot-payflowlink.paypal.com https://commerce.adobe.io https://commerce.adobe.net https://qa-api.magedevteam.com https://*.sentry.io http://magento.com https://magento.com http://stats.g.doubleclick.net https://stats.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://www.facebook.com https://connect.facebook.net https://graph.facebook.com https://business.facebook.com t.elasticsuite.io https://analytics.google.com/ https://ekr.zdassets.com/ https://conscooper.zendesk.com wss://widget-mediator.zopim.com https://analytics.tiktok.com https://targeting.voxus.com.br/ https://api.performa.ai https://www.google.com.br https://bat.bing.com/ https://api.ipify.org https://logs-01.loggly.com/ https://api.voxus.tv https://conectiva.io https://coopershoes.zendesk.com/ https://*.clarity.ms/ https://vc.hotjar.io/ https://pagead2.googlesyndication.com/ https://measurement-api.criteo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.brightcove.net skywest.dimelochat.com ajax.aspnetcdn.com www.skywestonline.com house-fastly-signed-us-east-1-prod.brightcovecdn.com oomessaging.service.signalr.net *.gstatic.com files-skywest-com.s3.us-west-2.amazonaws.com wss://oomessaging.service.signalr.net *.googleapis.com www.googletagmanager.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com geowidget.easypack24.net *.twimg.com *.trustedshops.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com/ *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pay.google.com play.google.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.twitter.com *.google.com *.addthis.com consentcdn.cookiebot.com ct.pinterest.com profiling.clickonometrics.pl tbl.tradedoubler.com qx1wvp0fr44qzi0yebexmrer.snrpush.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com sync.clickonometrics.pl devel-homla.push-ad.com creativecdn.com vars.hotjar.com static.addtoany.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com www.googletagmanager.com conversionlabs.net.pl analytics.greensender.pl maps.gstatic.com maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.klarna.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu scontent-waw1-1.cdninstagram.com app.push-ad.com ct.pinterest.com www.google.pl pixel.wp.pl homla.com.pl *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com testcards.autopay.eu cards.autopay.eu pay.google.com *.google-analytics.com *.cloudflare.com *.twitter.com googletagmanager.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com widgets.pinterest.com consent.cookiebot.com static.vidvi.com www.clarity.ms profiling.clickonometrics.pl cdn.jsdelivr.net api.mapbox.com geowidget.easypack24.net maps.googleapis.com bam.eu01.nr-data.net web.snrbox.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.snrcdn.net *.twimg.com *.usercentrics.eu bam.nr-data.net us-wbe.gr-cdn.com www.newsletter.homla.com.pl script.hotjar.com s.pinimg.com static.hotjar.com delivery.clickonometrics.pl web-sdk.smartlook.com wrap.tradedoubler.com chat-widget.thulium.com/ js-agent.newrelic.com pixel.wp.pl static.clickonometrics.pl bam-cell.nr-data.net unpkg.com static.addtoany.com ga.getresponse.com us-an.gr-cdn.com newsletter.homla.com.pl devel-homla.push-ad.com *.avada.io marketing.homla.com.pl *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com geowidget.easypack24.net unsafe-inline *.snrcdn.net *.twimg.com *.trustedshops.com *.usercentrics.eu api3.push-ad.com devel-homla.push-ad.com marketing.homla.com.pl *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chat-widget.thulium.com daviness.pl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.paypal.com b.clarity.ms region1.analytics.google.com delivery.clickonometrics.pl maps.googleapis.com bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.snrbox.com *.twimg.com bam.nr-data.net in.hotjar.com vc.hotjar.io ga.getresponse.com app.push-ad.com manager.eu.smartlook.cloud ct.pinterest.com stats.g.doubleclick.net chat-widget.thulium.com bam-cell.nr-data.net api3.push-ad.com ga2.getresponse.com devel-homla.push-ad.com t.elasticsuite.io marketing.homla.com.pl *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://https://homla.com.pl/csp/reporturi; report-to report-endpoint; 1
default-src 'self' data: blob: https://www.nirfindia.org  https://www.google-analytics.com https://maps.googleapis.com https://maps.googleapis.com https://maps.gstatic.com;      script-src 'strict-dynamic' 'nonce-34acpg604aphcfg17rlan5lyxk6zzm' 'unsafe-inline' http: https: https://www.google-analytics.com  https://www.nirfindia.org ;     style-src 'unsafe-inline' https://www.nirfindia.org https://www.google-analytics.com https://fonts.googleapis.com;     script-src-elem https://www.nirfindia.org https://www.google-analytics.com https://maps.googleapis.com ;     img-src 'self' data: https://www.nirfindia.org  https://maps.googleapis.com https://www.google-analytics.com https://maps.googleapis.com https://maps.googleapis.com https://maps.gstatic.com;     object-src 'none';      base-uri 'none';      require-trusted-types-for 'script';      report-uri https://www.nirfindia.org/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.6sense.com *.addthisedge.com *.omtrdc.net *.everesttech.net *.demdex.net *.adobedtm.com *.scene7.com *.akamaihd.net *.adnxs.com *.baidu.com *.prod.bidr.io *.btttag.com *.brightcove.com *.brightcove.net *.zencdn.net *.cloudflare.com *.contentsquare.net *.company-target.com *.demandbase.com *.doubleclick.net *.adsymptotic.com *.d41.co *.dynatrace.com *.facebook.com *.facebook.net *.fontawesome.com *.fullstory.com *.google.co.in *.google.co.jp *.google.co.uk *.google.com *.google.com.hk *.google.fr *.google.kr *.google.es *.google.de *.google.ru *.google.ie *.google.am *.google.com.co *.google.com.ph *.google.com.au *.google.hu *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs.llnwd.net *.linkedin.com *.licdn.com *.i.lithium.com *.microsoftazuread-sso.com *.ni.com *.agkn.com *.newrelic.com *.nr-data.net *.moatads.com *.polyfill.io *.qualtrics.com *.quantcount.com *.quantserve.com *.rlcdn.com *.force.com *.salesforce.com *.salesforceliveagent.com *.pardot.com *.krxd.net *.rfihub.com *.serving-sys.com *.addthis.com *.adsrvr.org *.truste.com *.twitter.com *.ads-twitter.com t.co *.6sc.co *.rezync.com *.analytics.yahoo.com *.yimg.com unpkg.com *.psiexams.com *.systemlinkcloud.com *.systemlinkcloud.io mythinkscape.com *.mythinkscape.com *.multisim.com *.boltdns.net *.3playmedia.com *.paymetric.com *.captchas.net *.bing.com *.pagespeed-mod.com *.lithcloud.com *.jsdelivr.net *.cloudfront.net *.amazonaws.com *.day.com *.mathjax.org *.zoominsoftware.io *.bootstrapcdn.com *.nicdn.net *.leadsrx.com *.quizscape.com *.thoughtindustries.com *.wistia.com *.credly.com *.kbmax.com *.certain.com *.fonts.net *.typekit.net *.khoros.app.box.com *.limuirs-asset.lithium.com *.cookielaw.org *.windows.net data: blob; object-src 'none'; worker-src * data: blob: 'unsafe-inline';  media-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 1
font-src fonts.gstatic.com data: *.hotjar.com *.hotjar.io *.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.punchout2go.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com esqa.moneris.com www3.moneris.com *.dotdigital-pages.com *.dotdigital.com *.punchout2go.com data: e.bmr.co *.fls.doubleclick.net *.cloudfront.net *.hotjar.com *.hotjar.io insight.adsrvr.org www.facebook.net www.facebook.com *.google.ca *.moneris.com *.issuu.com notifications.wisepops.com wisepops.net *.addtoany.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.trackedlink.net 'self' blob: data: www.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net  *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com maps.gstatic.com maps.googleapis.com www.bmr.ca *.hotjar.com *.hotjar.io *.cloudfront.net insight.adsrvr.org www.facebook.net www.facebook.com *.paypalobjects.com adserve.atedra.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net cdn.cookielaw.org *.flippenterprise.net *.wishabi.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com esqa.moneris.com www3.moneris.com polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.punchout2go.com data: e.bmr.co js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.g.doubleclick.net *.googletagmanager.com ssl.google-analytics.com www.google.com maps.googleapis.com s.yimg.com *.hotjar.com *.hotjar.io *.cloudfront.net r2-t.trackedlink.net connect.facebook.net connect.facebook.com www.gstatic.com z.moatads.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net plausible.io cdn.cookielaw.org *.addtoany.com *.wishabi.com *.flippenterprise.net *.flipp.com *.flippback.com 'self' blob: https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.punchout2go.com www.gstatic.com *.hotjar.com *.hotjar.io *.cloudfront.net cdn.cookielaw.org *.flippenterprise.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.gstatic.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com bam.nr-data.net bam-cell.nr-data.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.hotjar.com *.hotjar.io s.yimg.com maps.googleapis.com www.facebook.com ct.pinterest.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net plausible.io cdn.cookielaw.org *.flippenterprise.net *.flippback.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp-report.php; report-to report-endpoint; 1
default-src 'self' https:; connect-src 'self' https: wss:; script-src 'unsafe-inline' 'self' https:; worker-src blob:; style-src 'unsafe-inline' 'self' https:; object-src 'none'; img-src 'self' data: https:; frame-ancestors 'self' 1
object-src 'self'; script-src 'self' https://www.google.com 'unsafe-inline' https://statistiek.rijksoverheid.nl/; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl/matomo.js https://www.google.com; style-src 'self'; frame-ancestors 'self' 1
default-src 'none' ; img-src 'self' data: https://blob.userflow.com https://cdn.userflow.com https://js.userflow.com https://storage.googleapis.com/studio1-prod-blob/ * ; connect-src 'self' https://browser-intake-datadoghq.eu https://rum.browser-intake-datadoghq.eu https://logs.browser-intake-datadoghq.eu https://session-replay.browser-intake-datadoghq.eu https://api.analytics.pigment.app https://cdn.analytics.pigment.app https://auth.pigment.app https://staging-login.pigment.app wss://pigment.app wss://e.userflow.com https://cdn.userflow.com https://e.userflow.com https://js.userflow.com https://inapp.planhat.com https://analytics.planhat.com https://rs.fullstory.com wss://rs.fullstory.com https://edge.fullstory.com https://global.oktacdn.com https://api.segment.io https://cdn.segment.com https://api.maptiler.com ; script-src 'self' cdn.analytics.pigment.app edge.fullstory.com rs.fullstory.com js.userflow.com cdn.userflow.com app.planhat.com cdn.announcekit.app cdn.segment.com ; frame-src announcekit.co auth.pigment.app staging-login.pigment.app ; style-src 'self' 'unsafe-inline' js.userflow.com cdn.userflow.com fonts.googleapis.com cdn.announcekit.co ; worker-src blob: ; font-src 'self' fonts.gstatic.com data: ; manifest-src 'self' ; object-src 'none' ; media-src https://blob.userflow.com https://cdn.userflow.com https://storage.googleapis.com/studio1-prod-blob/ ; frame-ancestors https://pigment7-dev-ed.develop.lightning.force.com/ https://pigment7-dev-ed--c.develop.vf.force.com/; base-uri 'self' ; form-action https://announcekit.co ; report-uri https://pigment.uriports.com/reports/report ; report-to report ; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=4cae6e02-de7c-448b-aa1e-953a2c88d387-1721957744 1
font-src fonts.gstatic.com use.typekit.net *.hotjar.com *.safetypay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.safetypay.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ *.doubleclick.net *.groovinads.com *.freshchat.com *.safetypay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ *.tia.com.ec app.tiamagento.test *.doubleclick.net *.groovinads.com www.google.com *.google.com www.google.es *.google.es www.googletagmanager.com *.googletagmanager.com *.googleapis.com *.cookie-script.com *.amazonaws.com *.safetypay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com *.braindw.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.tia.com.ec munchkin.marketo.net *.hotjar.com *.cookie-script.com *.newrelic.com *.smartlook.com *.dynatrace.com *.pushpushgo.com *.groovinads.com *.doubleclick.net *.google-analytics.com *.freshchat.com *.googleapis.com *.tiktok.com *.googleadservices.com *.qualtrics.com *.safetypay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.freshchat.com *.safetypay.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.safetypay.com 'self' 'unsafe-inline'; media-src *.adobe.com *.safetypay.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.braindw.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.mktoresp.com *.hotjar.com *.cookie-script.com *.nr-data.net *.hotjar.io *.smartlook.cloud *.doubleclick.net *.googleapis.com *.google.com www.googletagmanager.com *.googletagmanager.com *.analytics.google.com *.tiktok.com *.qualtrics.com *.googlesyndication.com *.adobe.com *.safetypay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.safetypay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.safetypay.com 'self' 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https:           data:; font-src https: data:; report-uri /csp-report 1
script-src 'unsafe-inline' 'unsafe-eval' cdn2.hubspot.net *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com cdnjs.cloudflare.com 10921146.fls.doubleclick.net plausible.io *.hotjar.com *.hotjar.io *.qualified.com bttrack.com *.googletagmanager.com  *.force.com *.thycotic.com *.centrify.com *.bidr.io *.rlcdn.cm t.co *.twitter.com burly.io *.clickagy.com *.doubleclck.net *.zoominfo.com lltrck.com facebook.com *.facebook.net *.redditstatic.com *.linkedin.com *.licdn.com *.demandbase.com *.zoominfo.com 'strict-dynamic' 'nonce-K3YdA8bbvC/XgGSyBOZBvA=='; ; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://use.typekit.net https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com https://www.googletagmanager.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.addtoany.com https://www.youtube.com https://www.facebook.com https://www.googletagmanager.com *.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com https://www.google.com/ads/ https://www.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adobe.net *.getcloudcherry.com *.cloudcherry.com https://static.addtoany.com https://www.googletagmanager.com https://cdn.mouseflow.com https://connect.facebook.net https://js-agent.newrelic.com https://www.google.com https://bam.nr-data.net https://www.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com/css https://use.typekit.net https://p.typekit.net unsafe-inline downloads.mailchimp.com *.googleapis.com *.addtoany.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.magento.com *.adobedc.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://maps.googleapis.com https://bam.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://get.geojs.io *.avada.io http://dpm.demdex.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://score.juicyscore.com https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://stage.dev.digido.ph https://digido.ph https://static.site-chat.me wss://stage.dev.digido.ph wss://digido.ph data:; script-src 'sha256-+VnDflT3t8heYShYY7Z+PKL93GlwBC26/1sZ+WhnDPM=' 'nonce-ZxaPe3Q9awMzLijYg3VVkw==' 'self' 'self' https://score.juicyscore.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://static.cloudflareinsights.com https://connect.facebook.net https://www.facebook.com https://mc.yandex.ru https://yastatic.net https://cdn.jsdelivr.net https://static.site-chat.me; img-src 'self' https://www.googletagmanager.com https://www.google.ru https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://digido.ph https://stage.dev.digido.ph https://www.facebook.com https://mc.yandex.ru https://mc.webvisor.org data:; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.facebook.com https://mc.yandex.ru blob:; form-action 'self' https://www.facebook.com; frame-ancestors 'none'; child-src blob:  https://mc.yandex.ru; object-src 'none'; report-uri /prometheus-report 1
script-src 'self' https://cloud.typography.com/7315076/7256812/css/fonts.css siteimproveanalytics.com ; object-src 'none'; img-src *.siteimproveanalytics.io 1
font-src *.fontawesome.com *.helloumi.com *.flixfacts.com *.flixcar.com cdn.sancta-domenica.hr *.esisapp.com data: *.criteo.com media.sancta-domenica.h *.googleapis.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.txpmnts.com *.facebook.com cdn.sancta-domenica.hr *.criteo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://ipgtest.monri.com/ https://ipg.monri.com/ landbot.io *.flixcar.com *.facebook.com *.facebook.com/tr *.twitter.com *.google.com *.youtu.be *.txpmnts.com *.addthis.com *.monri.com cdn.sancta-domenica.hr *.loadbee.com consentcdn.cookiebot.com *.samsung.com *.criteo.com *.sancta-domenica.hr *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.helloumi.com storage.googleapis.com *.flixcar.com *.flix360.com *.twitter.com *.pinterest.com *.news.samsung.com *.moja-trgovina.net *.jwpsrv.com *.samsung.com promocije.sancta-domenica.hr cdn.sancta-domenica.hr *.google.com *.google.de *.facebook.com *.kxcdn.com *.nrholding.net fugajcreative.hr *.doubleclick.net *.google.hr *.webpushr.com *.prismic.io *.esisapp.com *.esisatc.com *.googletagmanager.com *.bosch-home.com *.criteo.com media.sancta-domenica.hr *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io https://ipgtest.monri.com/ https://ipg.monri.com/ api.exponea.com *.helloumi.com *.facebook.net *.pinterest.com *.google.com *.twitter.com *.flixfacts.com *.flixcar.com *.loadbee.com *.channelsight.com *.txpmnts.com *.addthis.com *.moatads.com *.addthisedge.com *.gstatic.com *.mailerlite.com *.zdassets.com *.webpushr.com *.zopim.com *.doubleclick.net *.monri.com cdn.sancta-domenica.hr *.adform.net inte.searchnode.io *.esisapp.com *.cookiebot.com *.flix360.io consentcdn.cookiebot.com bam.eu01.nr-data.net *.newrelic.com *.googleapis.com *.criteo.com static.criteo.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.flixcar.com *.flixfacts.com fugajcreative.hr static.mailerlite.com cdn.sancta-domenica.hr media.sancta-domenica.hr *.esisapp.com *.criteo.com *.googleapis.com tagmanager.google.com blob: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com cdn.sancta-domenica.hr *.youtube.com *.youtu.be *.criteo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.exponea.com *.addthis.com *.google-analytics.com *.doubleclick.net bot.webpushr.com analytics.webpushr.com *.zdassets.com sanctadomenica.zendesk.com wss://widget-mediator.zopim.com cdn.sancta-domenica.hr *.loadbee.com *.esisapp.com *.google.com bam.eu01.nr-data.net *.cookiebot.com *.searchnode.net *.criteo.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.infonet.com.py *.infonet.com.py:8888/ https://vpos.infonet.com.py:8888/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net integration-5ojmyuq-qoiivjresdo6e.us-5.magentosite.cloud cdn.leadster.com.br www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google.co.in data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.infonet.com.py:8888/ *.newrelic.com *.nr-data.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com tagmanager.google.com ssl.google-analytics.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.infonet.com.py:8888 *.infonet.com.py *.nr-data.net https://viacep.com.br https://www.viacep.com.br https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.se https://www.myheritage.se  'unsafe-eval' 'nonce-963123ec101a0a108a53d5e4622c73ea' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.se;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.stripe.com *.klarna.com *.klarnaevt.com *.klarnacdn.net klarna.com https://fonts.gstatic.com https://static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.facebook.com * *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com *.google.com/ *.stripe.com * *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.awin1.com *.zenaps.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.magezon.com  https://tracking.recommend.pro *.googleapis.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.facebook.com https://connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com s7.addthis.com *.avada.io *.google.com/ *.stripe.com *.klevu.com https://maps.googleapis.com  https://tracking.recommend.pro https://static.hotjar.com * js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com cc-cdn.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.stripe.com *.klarna.com *.klarnaevt.com *.klarnacdn.net assets.braintreegateway.com tagmanager.google.com https://fonts.googleapis.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://the.sciencebehindecommerce.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.stripe.com https://developer.adobe.com  https://tracking.recommend.pro https://maps.googleapis.com * api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com tracking.recommend.pro https://www.google-analytics.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com maps.googleapis.com maps.gstatic.com 'self' data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.mlstatic.com *.mercadopago.com maps.googleapis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com fonts.googleapis.com fonts.gstatic.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.mercadopago.com *.mercadolibre.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com chart.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com chart.googleapis.com *.googletagmanager.com *.facebook.net *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com chart.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://plumrocket.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.cdninstagram.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.instagram.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.googleapis.com *.gstatic.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://testgallito.free.beeceptor.com; report-to default; 1
default-src 'self'; script-src  ajax.googleapis.com googletagmanager.com clickiocmp.com cse.google.com s.clickiocdn.com facebook.com; style-src 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.affirm.com *.affirm.ca *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.affirm.com *.affirm.ca *.b0e8.com *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.pixriot.com *.storeimaging.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca *.b0e8.com *.bc0a.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.pixriot.com *.storeimaging.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: data:; report-uri /csp-report 1
base-uri 'self'; child-src 'self' https: http://localhost:* data: blob:; connect-src 'self' https: http://localhost:* wss: data: blob:; default-src 'none'; font-src 'self' https: http://localhost:* http://themes.googleusercontent.com data:; form-action 'self'; frame-ancestors 'self' https://app.eu.pendo.io; frame-src 'self' https: http://localhost:* data: blob:; img-src 'self' https: data: blob:; media-src 'self' https: data:; script-src 'self' https: http://localhost:* blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' https: http://localhost:* data: 'unsafe-inline' 'report-sample'; worker-src 'self' blob:; report-uri https://linnworks17.report-uri.com/r/d/csp/reportOnly 1
font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.facebook.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.twimg.com *.fontawesome.com *.facebook.net *.authorize.net *.simpli.fi js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.authorize.net *.google-analytics.com *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src d.digsgogo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-YQsXOIzv6W76kUT2SuFyOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: api.miluim.idf.il www.youtube.com translate.google.com fecdn.user1st.info *.googleapis.com *.gstatic.com www.googletagmanager.com pa.miluim.idf.il www.miluim.idf.il stats.tehila.gov.il www.google.com pdfutils.miluim.idf.il www.google-analytics.com paapi.miluim.idf.il ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-nCFucST8P_6MCLozcmbgWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-sni5spWoNJ3vRa0A0BF6cw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-MQHZyj5NS4Xss5TE58b3LQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill.io https://unpkg.com https://use.fontawesome.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' http://pero.securite-routiere.gouv.fr https://www.gstatic.com https://www.youtube.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://server.adform.net/Serving/TrackPoint/ https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill.io https://unpkg.com https://use.fontawesome.com https://www.google.com; style-src 'self' code.ionicframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-u97BzXXVp7RNjhCqnvpzKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fundingchoicesmessages.google.com warp.media.net media.weplayed.com *.googlesyndication.com fightingillini.com *.adsrvr.org hblg.media.net *.infolinks.com lb.eu-1-id5-sync.com *.gstatic.com *.demdex.net *.casalemedia.com *.2mdn.net a.ad.gt *.adroll.com launchpad-wrapper.privacymanager.io www.google.com *.rfihub.com onetag-sys.com *.criteo.com pixels.ad.gt *.adsafeprotected.com sync.colossusssp.com sidearm-syndication.s3.amazonaws.com s.yimg.com *.dotomi.com *.flashtalking.com *.adnxs.com idsync.rlcdn.com pn.ybp.yahoo.com ups.analytics.yahoo.com *.amazon-adsystem.com proton.ad.gt t.fightingillini.com d-code.liadm.com ssp.disqus.com *.smartadserver.com *.googleapis.com ids.ad.gt *.rubiconproject.com analytics.google.com www.google-analytics.com id5-sync.com contextual.media.net pixel.quantserve.com b.sharethrough.com eb2.3lift.com ab.weplayed.com images.sidearmdev.com rum-static.pingdom.net di.rlcdn.com *.cloudfront.net *.everesttech.net bcp.crwdcntrl.net ad.360yield.com p.ad.gt api.intentiq.com www.youtube.com c.ltmsphrcl.net px.moatads.com beap-bc.yahoo.com www.googletagmanager.com *.doubleclick.net img.en25.com choices.truste.com cdn.krxd.net transcend-cdn.com *.openx.net *.imrworldwide.com lex.33across.com agen-assets.ftstatic.com www.googletagservices.com *.googleadservices.com tags.crwdcntrl.net rp.liadm.com invstatic101.creativecdn.com cdnjs.cloudflare.com *.sidearmsports.com exch.prreqcroab.icu bpi.rtactivate.com ats-wrapper.privacymanager.io partners.tremorhub.com i.ytimg.com i.clean.gg lexicon.33across.com trackedevt.1rx.io choices.trustarc.com vjs.zencdn.net *.amazon.com s3.amazonaws.com *.zemanta.com geo.privacymanager.io nrb.ybp.yahoo.com *.facebook.com *.bidswitch.net d.turn.com *.criteo.net cdn.js7k.com *.twitter.com sb.scorecardresearch.com protected-by.clarium.io pixel.tapad.com sync.intentiq.com sync.go.sonobi.com *.pubmatic.com data.ad-score.com sync.1rx.io id.hadron.ad.gt a-iad3.1rx.io *.facebook.net app.fightingillini.com cdn.id5-sync.com cdn.hadronid.net launchpad.privacymanager.io cdn.confiant-integrations.net m.media-amazon.com secure.cdn.fastclick.net js.ad-score.com adservice.google.com telemetry.transcend.io *.lijit.com *.doubleverify.com cdn.jsdelivr.net idx.liadm.com *.akamaihd.net seg.ad.gt athletics.fightingillini.com cdn.prod.uidapi.com rum-collector-2.pingdom.net *.agkn.com cdn-ima.33across.com prod.us-east-1.cxm-bcn.publisher-services.amazon.dev ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.yotpo.com cdn.livehelpnow.net x.klarnacdn.net https://*.hotjar.com static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.authorize.net https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net unsafe-inline 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.awin1.com *.zenaps.com *.fls.doubleclick.net magento-cloudflare.jetrails.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.wesupply.xyz https://wesupplylabs.com *.nosto.com *.nos.to *.authorize.net https://plumrocket.com https://accounts.google.com *.weltpixel.com www.xtento.com *.yotpo.com c.sharethis.mgr.consensu.org cdn.justuno.com t.sharethis.com js.klarna.com www.googletagmanager.com cdn.jst.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.awin1.com *.zenaps.com *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.magezon.com https://meetanshi.com/media/logo.png www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to store.paradoxlabs.com www.xtento.com cdn.xtento.com *.yotpo.com challenge.livehelpnow.net cdn.userway.org developer.livehelpnow.net www.livehelpnow.net bat.bing.com platform-cdn.sharethis.com www.google.co.in l.sharethis.com fabrics-media.moodfabrics.com verify.authorize.net x.klarnacdn.net www.moodfabrics.com eqkuzx7g.cdn.imgeng.in *.reddit.com *.jst.ai *.acsbapp.com https://*.hotjar.com static-na.payments-amazon.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.nosto.com *.nos.to *.authorize.net https://accounts.google.com https://www.gstatic.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com js-agent.newrelic.com bam.nr-data.net na-library.klarnaservices.com cdn.userway.org challenge.livehelpnow.net moodfabrics.atlassian.net cdn.polyfill.io acsbapp.com developer.livehelpnow.net bat.bing.com rum-static.pingdom.net cdn.justuno.com analytics.tiktok.com platform-api.sharethis.com buttons-config.sharethis.com t.sharethis.com my.justuno.com aly.justuno.com x.klarnacdn.net unsafe-inline tools.ietf.org tools.justuno.com static-tracking.klaviyo.com www.redditstatic.com *.convertexperiments.com *.jst.ai *.clarity.ms https://*.hotjar.com fonts.gstatic.com fonts.googleapis.com *.webeyez.com maxcdn.bootstrapcdn.com *.cloudfront.net *.amazonaws.com code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to https://accounts.google.com https://www.gstatic.com tagmanager.google.com *.yotpo.com *.googleapis.com static.klaviyo.com developer.livehelpnow.net x.klarnacdn.net *.jst.ai https://*.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.authorize.net https://accounts.google.com https://www.google-analytics.com *.yotpo.com bam.nr-data.net cafea271.klarnauserservices.com evt-na.klarnaservices.com static-forms.klaviyo.com api.userway.org developer.livehelpnow.net app.livehelpnow.net bsrx9ma6.klarnaservices.com cdn.acsbapp.com l.sharethis.com a.klaviyo.com stats.g.doubleclick.net rum-collector-2.pingdom.net na.klarnaevt.com telemetrics.klaviyo.com analytics.tiktok.com maps.googleapis.com *.clarity.ms *.jst.ai wss://app.livehelpnow.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.webeyez.com *.analytics.google.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.moodfabrics.com/rest/all/V1/cspmanager/frontend_report; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-TRMIJGttKstcC9LoNYbFFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-uri https://www.bestrecipes.com.au/csp-reports 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com io.vtex.com.br activity-flow.vtex.com af-origin.vtex.com stackpath.bootstrapcdn.com www.googletagmanager.com *.vtexassets.com www.google-analytics.com rc.vtex.com *.vteximg.com.br *.facebook.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-7-54FEz0Kwt6e3iqhF4MuA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' bam.nr-data.net links.services.disqus.com cdn.cookielaw.org api.segment.io *.mapbox.com *.mux.com analytics.google.com www.google-analytics.com geolocation.onetrust.com wss: *.wahooligan.com; font-src 'self' cdn.wahooligan.com fonts.gstatic.com moz-extension data:; form-action 'self' www.wahooligan.com *.wahoofitness.com wahoofitness.zendesk.com api.wahooligan.com *.wahooligan.com; frame-src 'self' disqus.com metabase.wahooligan.com www.youtube-nocookie.com js.stripe.com; img-src 'self' cdn.wahooligan.com www.wahoofitness.com links.services.disqus.com www.gstatic.com www.google-analytics.com data: blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.wahooligan.com www.google-analytics.com api.tiles.mapbox.com code.jquery.com cdn.segment.com cdnjs.cloudflare.com js.stripe.com js-agent.newrelic.com bam.nr-data.net bam.nr-data.com assets.zendesk.com static.zdassets.com cdn.cookielaw.org c.disquscdn.com optanon.blob.core.windows.net www.gstatic.com data: *.wahooligan.com; script-src-elem 'self' 'unsafe-inline' cdn.wahooligan.com code.jquery.online code.jquery.com cdn.cookielaw.org cdn.segment.com bam.nr-data.com bam.nr-data.net www.googletagmanager.com js-agent.newrelic.com optanon.blob.core.windows.net assets.zendesk.com www.google-analytics.com api.tiles.mapbox.com cdnjs.cloudflare.com geolocation.onetrust.com www.gstatic.com js.stripe.com *.wahooligan.com; style-src 'self' 'unsafe-inline' fonts.gstatic.com cdn.cookielaw.org fonts.googleapis.com api.tiles.mapbox.com cdn.wahooligan.com c.disquscdn.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' cdn.wahooligan.com cdn.cookielaw.org assets.zendesk.com api.tiles.mapbox.com fonts.googleapis.com www.gstatic.com; report-uri https://www.wahooligan.com/csp_reports 1
base-uri 'self'; frame-src 'self' cookiejar.mondly.com www.facebook.com optimize.google.com bid.g.doubleclick.net secure.livechatinc.com www.googletagmanager.com 7f075c3104c14b369e4245a534bf1142.pages.ubembed.com secure.2checkout.com 2pay-js.2checkout.com; frame-ancestors 'self' *.mondly.com; font-src 'self' data: d37sy4vufic209.cloudfront.net fonts.gstatic.com; img-src 'self' data: https://*; media-src 'self' d37sy4vufic209.cloudfront.net mondly-languages-audio.azureedge.net; style-src 'self' 'unsafe-inline' d37sy4vufic209.cloudfront.net optimize.google.com fonts.googleapis.com tagmanager.google.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' d37sy4vufic209.cloudfront.net www.google.com connect.facebook.net cdn.livechatinc.com api.livechatinc.com optimize.google.com tagmanager.google.com secure.livechatinc.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net 7f075c3104c14b369e4245a534bf1142.js.ubembed.com analytics.tiktok.com assets.ubembed.com cdn.cookielaw.org www.googleoptimize.com static.ads-twitter.com www.clarity.ms secure.2checkout.com 2pay-js.2checkout.com 1
default-src 'self'; script-src 'self' https://agrilife.org; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://agrilife.org; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.chatcora.natwest.com   *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.snapchat.com *.ulsterbank.co.uk *.ulsterbank.com *.ulsterbankanytimebanking.co.uk *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ulsterbankni.report-uri.com/r/t/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-DQZietp8U5GsuvN4eZhHuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ZFgn5Byz3lGcXtGDrnYYrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; script-src 'nonce-d316617884b24a5481ca01364ee5f9f5'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; style-src 'self' 'nonce-d316617884b24a5481ca01364ee5f9f5'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=130-4512705-1325055:rid=161424CEF44447B6BDC9:sn=www.newworld.com 1
default-src 'self'; connect-src 'self' *.appmaster.io https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com  https://forms.hsforms.com https://maps.googleapis.com https://stats.g.doubleclick.net www.google.com; font-src 'self' data: https: ; img-src 'self' data: blob: https: ; media-src 'self' data: blob: https: ; object-src 'none'; frame-src 'self' *.appmaster.io *.recaptcha.net *.youtube.com widget.canny.io; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' *.appmaster.io *.hsforms.net https://maps.googleapis.com/maps/api/js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/ *.recaptcha.net *.canny.io; manifest-src 'self'; script-src-elem 'self' 'unsafe-inline' *.appmaster.io *.hs-scripts.com *.hs-analytics.net *.hs-banner.com www.googletagmanager.com chat.appmaster.io;  style-src 'self' 'unsafe-inline' 'report-sample' *.appmaster.io https://fonts.googleapis.com; worker-src data: blob: studio.appmaster.io; report-uri https://s.appmaster.io/api/3/security/?sentry_key=f3a1f5e566804120856802b6ba1adda8; report-to apms; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.lowi.es www.google.es cdnjs.cloudflare.com *.facebook.net bat.bing.com cdn-eu.dynamicyield.com *.gstatic.com *.twitter.com www.googletagmanager.com t.womtp.com www.confianzaonline.es ws.walmeric.com www.google-analytics.com vc.hotjar.io bp.lowi.es *.doubleclick.net statics.des.lowi.es *.hotjar.com st-eu.dynamicyield.com cdn.co-buying.com apis.google.com statics.pro.env.lowi.es *.onetrust.com *.googleapis.com metrics.hotjar.io www.google.com *.demdex.net server.seadform.net *.ads-twitter.com www.google.com.mx ikaue-xpa-gateway-79cv1gog.wm.gateway.dev www.google.com.pe statics.pre.env.lowi.es region1.analytics.google.com analytics.google.com cdn.cookielaw.org t.co *.facebook.com europe-west1-lowi-ga.cloudfunctions.net *.tiktok.com *.r.appspot.com www.youtube.com *.googlesyndication.com adservice.google.com content.hotjar.io cdn.jsdelivr.net *.googleadservices.com *.adform.net surveystats.hotjar.io api.ipgeolocation.io async-px-eu.dynamicyield.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; script-src 'report-sample' 'self' https://bat.bing.com/bat.js https://cdn.prod.uidapi.com/uid2-sdk-3.2.0.js https://cdn.taboola.com/libtrc/unip/1612325/tfa.js https://cdn.taboola.com/scripts/cds-pips.js https://cdn.wisepops.com/shared/wisepops/2QiX32C8gm3wZywqFsKt/497202.js https://connect.facebook.net/en_US/fbevents.js https://dev.visualwebsiteoptimizer.com/settings.js https://df8nroy20256x.cloudfront.net/cannella_IFCJ.js https://e.acuityplatform.com/pj https://embedsocial.com/cdn/ht.js https://extend.vimeocdn.com/ga/142225860.js https://getrockerbox.com/jpuid https://ifcj.disqus.com/embed.js https://js-agent.newrelic.com/nr-spa-1.249.0.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://loader.wisepops.com/get-loader.js https://origin.acuityplatform.com/event/v2/pixel.js https://rb73pxgx.ifcj.org/assets/wxyz.rb.js https://s.yimg.com/wi/ytc.js https://static.ads-twitter.com/uwt.js https://trc.taboola.com/1612325/trc/3/json https://www.clarity.ms/tag/4g2s2gi63c https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__en.js; style-src 'report-sample' 'self' https://c.disquscdn.com https://embedsocial.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://activity.wisepops.com https://analytics.google.com https://api.intentiq.com https://bam.nr-data.net https://bat.bing.com https://cds.taboola.com https://dev.visualwebsiteoptimizer.com https://gtm-www.ifcj.org https://i.clarity.ms https://o.clarity.ms https://p.clarity.ms https://pips.taboola.com https://psb.taboola.com https://q.clarity.ms https://r2.visualwebsiteoptimizer.com https://s.clarity.ms https://s.yimg.com https://stats.g.doubleclick.net https://t.clarity.ms https://tracking.wisepops.com https://trc-events.taboola.com https://v.clarity.ms https://vulcan.ifcj.org https://wisepops.net https://x.clarity.ms https://z.clarity.ms; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://disqus.com https://embedsocial.com https://insight.adsrvr.org https://match.adsrvr.org https://td.doubleclick.net https://tsdtocl.com https://www.google.com https://www.youtube.com; img-src 'self' data: https://761rfa8jz8.execute-api.us-west-2.amazonaws.com https://analytics.google.com https://analytics.twitter.com https://arttrk.com https://bat.bing.com https://c.clarity.ms https://c.disquscdn.com https://cdn.wisepops.com https://ce.lijit.com https://cm.g.doubleclick.net https://datasrvsys.com https://dev.visualwebsiteoptimizer.com https://fei.pro-market.net https://googleads.g.doubleclick.net https://gtm-www.ifcj.org https://i.liadm.com https://idsync.rlcdn.com https://image2.pubmatic.com https://loadm.exelator.com https://match.adsrvr.org https://pixel.advertising.com https://pixel.rubiconproject.com https://pixel.tapad.com https://ps.eyeota.net https://r2.visualwebsiteoptimizer.com https://rb73pxgx.ifcj.org https://referrer.disqus.com https://s.ad.smaato.net https://sp.analytics.yahoo.com https://stags.bluekai.com https://stats.g.doubleclick.net https://sync.admanmedia.com https://sync.cootlogix.com https://sync.crwdcntrl.net https://sync.intentiq.com https://t.co https://www.facebook.com https://www.google.co.kr https://www.googletagmanager.com https://x.bidswitch.net; manifest-src 'self'; media-src 'self'; report-uri https://66991bf17c81f5ef7e3a74b7.endpoint.csper.io?v=3; worker-src blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-B9DjNr9V1yxAwaTbtWjIWw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.ender-informatics.ch; img-src 'self' data: data: secure.gravatar.com www.gravatar.com; worker-src 'self' blob:; frame-ancestors 'none' ; report-uri https://www.ender-informatics.ch?gdsih-csp-report; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com kit.fontawesome.com connect.facebook.net cdn.polyfill.io code.jquery.com www.google-analytics.com ssl.google-analytics.com www.googleoptimize.com script.crazyegg.com cdn.syndication.twimg.com speedtest.cable.co.uk cdnjs.cloudflare.com maxcdn.bootstrapcdn.com widget.trustpilot.com s3.amazonaws.com cable.us4.list-manage.com admin.cable.co.uk services.xg4ken.com unpkg.com script.hotjar.com static.hotjar.com c5.adalyser.com plausible.io consent.cookiebot.com consentcdn.cookiebot.com localhost:3000; connect-src 'self' *.fontawesome.com api.addressy.com wss://ws.hotjar.com *.hotjar.com content.hotjar.io cable.us4.list-manage.com admin.cable.co.uk stats.g.doubleclick.net plausible.io localhost:3000; img-src 'self' data: *.cable.co.uk www.google.com www.googletagmanager.com www.google.co.uk www.google-analytics.com s1.2mdn.net ad.doubleclick.net stats.g.doubleclick.net gtrk.s3.amazonaws.com pbs.twimg.com code.jquery.com 19.xg4ken.com s3-eu-west-1.amazonaws.com pcf.tdscd.com c5.adalyser.com v2.crocdn.com 54tgglb8.tinifycdn.com imgsct.cookiebot.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com admin.cable.co.uk pro.fontawesome.com localhost:3000; font-src 'self' *.fontawesome.com maxcdn.bootstrapcdn.com admin.cable.co.uk data: localhost:3000; object-src 'self' api.ookla.com fpdownload.adobe.com; frame-src 'self' widget.trustpilot.com vars.hotjar.com googleads.g.doubleclick.net consentcdn.cookiebot.com data:; child-src 'self' blob:; report-uri /csp-violation-report/ 1
object-src 'none';base-uri 'self';script-src 'nonce-5ibxJLkAa5FpGSCyNwKaHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; default-src 'self' https: wss: ws:; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/cross-storage@1.0.0/dist/hub.min.js https://og-frontend.stg-east.frontend.public.atl-paas.net/assets/ https://*.services.atlassian.com https://code.jquery.com/jquery-3.6.0.min.js https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://translate.googleapis.com/_/translate_http/_/js/ https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://js.intercomcdn.com https://widget.intercom.io/widget/ https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/ https://js.stripe.com https://meet.jit.si https://bam.nr-data.net 'sha256-u8Qc9T1x0D5Z/CHTQ498yO/+i2ySExBMOwf4RL2t4WI=' 'sha256-FV4wGfcn2NrqSJwtGQUWZ2Ie5XrIVKqtnc6g2gmRRco=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-N6H1UNp6u4dhUx+FZUQMMcXz17KIEWQw+ZVCPp4d3Zo=' 'sha256-qyYeb40S0YW7zrzwvSX5SEThkjXxwfWSwDp+FlCY0ic=' 'sha256-XHhqFY/vlAF49XCJL4Eg+ttSAnGAobln30utBWOcPhU=' 'sha256-L8u6aiCFdh23FnTLOjO9T7p6zkSJPTaOzZoZUz9OnVQ=' 'sha256-ZMCyrJrkz95Pmv4GzcpT7uihWvUib4x2CFIKGfMsuYU=' 'sha256-ffGUIypjdVM8v7ybOzYmI52fKI8S9IVsUI1OqyrUw8Q=' 'sha256-4qVpzn2Bx0qK9KtIsF/n3VVomtjXD/qPqKpKFNRrMWY=' 'sha256-eETIIu3VZ7EA7inGoTk/IDe2GZACdmowaBuJOhm6Bik=' 'nonce-54512854df89684c260e95bfdbb3822a'; style-src 'self' 'unsafe-inline' https://*.opsgeni.us https://og-frontend.stg-east.frontend.public.atl-paas.net/assets/ https://fonts.googleapis.com/css2 data:; img-src 'self' data: https:; font-src 'self' https://og-frontend.stg-east.frontend.public.atl-paas.net/assets/ https://fonts.intercomcdn.com https://fonts.gstatic.com data:; frame-ancestors 'self' https://*.app.opsgeni.us https://*.opsgeni.us; form-action 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/og-frontend; connect-src 'self' https: wss: ws:; object-src 'none'; frame-src 'self' https://*.opsgeni.us https://intercom-sheets.com https://*.atlassian.com https://*.opsgenie.com https://js.stripe.com https://reporting.opsgenie.com https://www.google.com 1
object-src 'none'; script-src 'self' 'unsafe-eval' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://rebilly.github.io https://static.addtoany.com https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; script-src-elem 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://rebilly.github.io https://static.addtoany.com https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; style-src 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' wss: https:; object-src 'self'; child-src blob:; frame-src 'self' https:; worker-src blob:; frame-ancestors 'none'; base-uri 'none'; report-uri https://47327c6a613c1754bda1362d946d96dd.report-uri.com/r/t/csp/reportOnly; report-to csp-endpoint 1
img-src 'self' data: https: https://*.johnnybet.com/ https://*.johnnybet.com/; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com/ https://*.johnnybet.com/ https://*.johnnybet.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.johnnybet.com/ https://*.johnnybet.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/ https://mc.yandex.ru/metrika/tag.js https://static.hotjar.com https://www.gstatic.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/webfont/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ https://connect.facebook.net/ https://www.googleoptimize.com/ https://script.hotjar.com/ https://unpkg.com/ https://*.johnnybet.com/ https://faye.johnnybet.com/faye https://*.johnnybet.com/; media-src 'self' https://*.johnnybet.com/ https://*.johnnybet.com/; frame-src 'self' http: https:; manifest-src 'self' https://*.johnnybet.com/ https://*.johnnybet.com/; connect-src 'self' https://stats.g.doubleclick.net/ https://*.google-analytics.com/ https://bam.nr-data.net/ https://mc.yandex.md/ https://mc.yandex.ru/ https://yandexmetrica.com:* https://*.johnnybet.com/ https://faye.johnnybet.com/faye https://*.johnnybet.com/ 1
object-src 'none';base-uri 'self';script-src 'nonce-AEacu_JZSUno0eiuREJGsQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://js-agent.newrelic.com cdnjs.cloudflare.com https://ws.sharethis.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' fonts.googleapis.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self' https://cdn-app.sberdevices.ru; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' abt.s3.yandex.net mapgl.2gis.com https://ad.adriver.ru https://cdn-app.sberdevices.ru/ https://code.jivo.ru/widget/CVgSX9az2t https://code.jivo.ru/widget/3PUKdqHYcF https://code.jivo.ru/js/bundle_ru_RU.js https://mc.yandex.ru https://top-fwz1.mail.ru/js/code.js https://vk.com/js/api/openapi.js https://www.google.com/recaptcha/api.js https://www.gstatic.com https://ai.github.io/audio-recorder-polyfill/polyfill.js https://sberdevices.smcrm.sber.ru https://static.smcrm.sber.ru/formPage.min.js https://static.crm.sbc.space/formPage.min.js https://b2b-bundle.crm.sbc.space https://app.sbercrm.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn-app.sberdevices.ru https://code.jivo.ru https://static.smcrm.sber.ru/formPage.min.css https://static.crm.sbc.space/formPage.min.css; object-src 'none'; base-uri 'self'; connect-src 'self' blob: uaas.yandex.ru *.2gis.com https://api.eye.sbdv.ru http://127.0.0.1:29009 http://127.0.0.1:30102 ymetrica1.com yandexmetrica.com:30103 yandexmetrica.com:29010 https://mc.yandex.md https://mc.yandex.by https://mc.yandex.kz https://sm-smart-proxy-ift.apps.sgmd.sberdevices.ru https://stats.g.doubleclick.net/j/collect https://www.google-analytics.com https://sentry-api.sberdevices.ru https://cdn-app.sberdevices.ru https://mc.yandex.ru https://metrics.prom.third-party-app.sberdevices.ru https://top-fwz1.mail.ru https://vk.com https://node-sber1-az1-1.jivosite.com https://telemetry.jivosite.com/w https://app.kizen.com https://yandexmetrica.com https://crm.sbc.space https://smcrm.sber.ru https://mc.yandex.com wss://*.jivosite.com wss://*.jivo.ru https://*.jivo.ru https://app.sbercrm.com; font-src 'self' data: https://cdn-app.sberdevices.ru https://static.smcrm.sber.ru https://static.crm.sbc.space https://fonts.gstatic.com https://app.sbercrm.com; frame-src 'self' https://content.adriver.ru https://www.youtube.com https://vk.com https://player.vimeo.com https://www.google.com https://mc.yandex.ru https://mc.yandex.md https://www.youtube-nocookie.com https://kanzas.prom.app.sberdevices.ru cdn-sber-ru-video.sberdevices.ru; img-src 'self' data: https://top-fwz1.mail.ru https://favicon.yandex.net https://code.jivo.ru https://i.vimeocdn.com https://vk.com https://vk.com/rtrg https://www.googletagmanager.com https://i.ytimg.com https://www.google.md/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.ru/ads/ga-audiences https://cdn-app.sberdevices.ru https://vk.com https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://mc.yandex.ru https://files.jivo.ru https://mc.yandex.md https://mc.yandex.com; manifest-src 'self'; media-src data: 'self' https://code.jivo.ru https://cdn-app.sberdevices.ru; frame-ancestors 'none'; report-uri https://sentry-api.sberdevices.ru/api/53/security/?sentry_key=1d9e9a95a396490881ec047a092a0639; worker-src 'none' 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com www.manoloblahnik.com *.hotjar.com *.bglobale.com *.global-e.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cybersource.com www.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.adyen.com www.google.com *.hotjar.com *.cybersource.com www.facebook.com www.youtube-nocookie.com the-restory.app authentication.cardinalcommerce.com *.issuu.com *.online-metrix.net *.bglobale.com *.global-e.com testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com account.fetchify.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.adyen.com blob *.alekseon-test.eu media-akam.licdn.com www.facebook.com maps.googleapis.com *.clarity.ms *.bing.com *.google.com *.googletagmanager.com manoloblahnik.com *.doubleclick.net.com ozplayer.global.ssl.fastly.net mcusercontent.com *.nr-data.net *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am; *.bglobale.com *.global-e.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://images.unsplash.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com www.google.com www.gstatic.com maps.googleapis.com chimpstatic.com connect.facebook.net *.forter.com h.online-metrix.net cdnjs.cloudflare.com *.zdassets.com widget-mediator.zopim.com *.newrelic.com *.hotjar.com *.bing.com *.clarity.ms *.nr-data.net *.cardinalcommerce.com www.youtube.com *.online-metrix.net *.bglobale.com *.global-e.com polyfill.io testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fonts.net fonts.googleapis.com *.bootstrapcdn.com *.bglobale.com *.global-e.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com manolo.alekseon-test.eu www.manoloblahnik.com *.zdassets.com *.g.doubleclick.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.forter.com *.cloudfront.net wss://cdn0.forter.com manoloblahnikhelp.zendesk.com *.zdassets.com *.widget-mediator.zopim.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.clarity.ms *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.googleapis.com *.bing.com stats.g.doubleclick.net www.google.com *.google.com www.facebook.com *.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io thm.visa.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: cdn.elev.io *.klarnacdn.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.consentmanager.net *.hotjar.com www.facebook.com https://www.googletagmanager.com/ *.klarna.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com validate.fishpig.co.uk *.googletagmanager.com fonts.gstatic.com *.consentmanager.net t.ssl.ak.dynamic.tiles.virtualearth.net r.bing.com www.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jsd-widget.atlassian.com *.plugins.emarsys.net *.scarabresearch.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.consentmanager.net ecn.dev.virtualearth.net dev.virtualearth.net www.bing.com t.ssl.ak.dynamic.tiles.virtualearth.net connect.facebook.net *.hotjar.com cdn.elev.io messenger.dixa.io *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com www.zeitung-direkt.de http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.klarna.com *.klarnacdn.net *.klarnaservices.com www.facebook.com graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googletagmanager.com *.bing.com css/light.theme.css *.klarnacdn.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com m2test.hagel-shop.de www.hagel-shop.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de jsd-widget.atlassian.com api-private.atlassian.com *.scarabresearch.com *.eservice.emarsys.net *.google-analytics.com stats.g.doubleclick.net maps.googleapis.com www.bing.com *.hotjar.com wss://wsp30.hotjar.com/ *.hotjar.io *.elev.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com autocomplete2.postdirekt.de test.saferpay.com www.saferpay.com saferpay.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.devfolio.co data:; script-src 'self' *.devfolio.co 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://cdnmd.global-cache.online/ https://static.cloudflareinsights.com/ https://www.youtube.com/ https://checkout.razorpay.com/ https://apis.google.com/ https://gstatic.com/ https://ssl.gstatic.com/ https://player.vimeo.com/ https://connect.facebook.net/ https://google.com/ https://accounts.google.com/gsi/client https://ssl.google-analytics.com/ https://translate.googleapis.com/ https://unpkg.com/ https://cdn.rudderlabs.com https://www.pagespeed-mod.com/ https://www.google-analytics.com/ https://www.gstatic.com/ http://www.google.com/ *.cloudfront.net/ https://polyfill.io/ https://sessions.bugsnag.com/ https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js https://cdn.tokenproof.xyz/js/tokenproof-oa-widget-v1.0.js blob: ; connect-src 'self' *.devfolio.co https://sessions.bugsnag.com/ https://maps.googleapis.com/ https://api.segment.io/ https://cdn.segment.com/ https://autocomplete.clearbit.com/ wss://*.devfolio.co/ https://lh3.googleusercontent.com/ https://sentry.io/ https://vimeo.com/ wss://*.bridge.walletconnect.org/ https://mainnet.infura.io wss://mainnet.infura.io https://arbitrum-mainnet.infura.io wss://eth-mainnet.ws.alchemyapi.io/ https://eth-mainnet.alchemyapi.io/ https://arb-mainnet.g.alchemy.com/ wss://arb-mainnet.g.alchemy.com/ wss://www.walletlink.org/ https://api.wallet.coinbase.com https://dns.google.com/ https://api.giphy.com/ https://registry.walletconnect.org/ https://api.segment.io/  *.dataplane.rudderstack.com/  https://api.rudderlabs.com/ https://www.google-analytics.com/ https://api.trongrid.io/ https://sun.tronex.io/ https://devfolio-prod.s3.ap-south-1.amazonaws.com/ https://explorer-api.walletconnect.com/ wss://relay.walletconnect.com/ https://sockjs-us2.pusher.com/ https://api.rudderstack.com/ https://cloudflare-eth.com/ data:; style-src 'self' https://fonts.googleapis.com/ https://translate.googleapis.com/ 'unsafe-inline' data:; img-src 'self' * *.devfolio.co/ data: blob:; frame-src https://www.loom.com/ https://www.youtube.com/ https://m.youtube.com/ https://www.dailymotion.com/  https://vimeo.com/ https://api.razorpay.com/ https://accounts.google.com/ https://www.google.com/ https://player.vimeo.com/ https://loom.com/  https://razorpay.com/ *.razorpay.com/ https://mozbar.moz.com/; font-src 'self' https://fonts.gstatic.com/ https://devfolio-prod.s3.ap-south-1.amazonaws.com/ https://o91302.ingest.sentry.io/  https://mozbar.moz.com https://cdn.tokenproof.xyz/fonts/ data:; frame-ancestors 'self'; media-src 'self' *.devfolio.co/ *.githubusercontent.com/ https://www.youtube.com/ https://m.youtube.com/ https://youtu.be/ https://youtube.com/ https://gateway.pinata.cloud/ data: blob:; report-uri https://o91302.ingest.sentry.io/api/1193563/security/?sentry_key=66b59c332abd4ee9902ba11631dc07c6 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-'; base-uri 'none'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-iBvV5P4rgf4I7UGqFYQlkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-raQ9eUPvwEgefHaoEb0ySw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.zoovu.com *.checkout.com  *.zip.co *.iyzipay.com *.gstatic.com *.cloudfront.net *.checkout.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.checkout.com *.boldchat.com *.demdex.net *.brightcove.net *.tradedoubler.com *.euw2.pure.cloud *.teads.tv *.salecycle.com 'self' 'unsafe-inline';img-src *.boltdns.net *.brightcove.com *.bazaarvoice.com *.zoovu.com *.cloudfront.net *.google.co.in *.googleadservices.com *.doubleclick.net *.google.com *.boldchat.com *.everesttech.net *.zip.co *.afterpay.com *.euw2.pure.cloud *.teads.tv *.omtrdc.net *.facebook.com *.dyson.com *.assetsadobe2.com *.amazonaws.com *.adobe.com *.google-analytics.com *.riskified.com data: 'self' 'unsafe-inline';script-src *.cookielaw.org https://mt.adobe.launch.script.test.js/ *.bambuser.com *.checkout.com *.riskified.com *.queue-it.net *.zip.co *.tamara.co *.cloudfront.net *.zipmoney.com.au *.zoovu.com *.zencdn.net *.dyson.com *.pardot.com *.afterpay.com *.channeladvisor.com *.salecycle.com *.teads.tv *.brightcove.net *.snapchat.com *.tiktok.com *.facebook.net *.dynatrace.com sc-static.net *.go-mpulse.net *.googletagmanager.com *.decibelinsight.net *.boldchat.com *.newrelic.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.bazaarvoice.com *.optimizely.com *.nr-data.net *.newrelic.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline' 'unsafe-eval';style-src *.zoovu.com *.s3.amazonaws.com *.zip.co *.checkout.com *.googleapis.com *.optimizely.com 'self' 'unsafe-inline';object-src *.euw2.pure.cloud 'self' 'unsafe-inline';child-src *.euw2.pure.cloud blob: 'self' 'unsafe-inline';media-src *.dyson.com *.akamaihd.net *.s3.amazonaws.com *.assetsadobe.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline';manifest-src blob: 'self' 'unsafe-inline';connect-src *.cookielaw.org *.boltdns.net *.akamaihd.net wss://collection.decibelinsight.net *.google.com *.akstat.io  *.cloudfront.net *.zoovu.com *.brightcove.com *.nanorep.com wss://websocket.bold360.com *.boldchat.com *.nanorep.co *.checkout.com *.zipmoney.com.au *.zip.co *.riskified.com *.decibelinsight.net *.doubleclick.net *.dyson.com *.dynatrace.com *.salecycle.com *.teads.tv *.omtrdc.net *.snapchat.com *.snapchat.com *.tiktok.com *.go-mpulse.net *.google-analytics.com *.nr-data.net *.amazonaws.com *.newrelic.com *.euw2.pure.cloud 'self' 'unsafe-inline';base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.intercomcdn.com *.stackpathcdn.com *.ecorebates.com use.fontawesome.com use.typekit.net www.shopperapproved.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com js.stripe.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.weltpixel.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://www.magezon.com assets.instantsearchplus.com *.visualwebsiteoptimizer.com *.listrakbi.com *.everesttech.net doubleclick.net *.doubleclick.net hvacdirect.com bat.bing.com shopperapproved.com www.shopperapproved.com google.com *.google.com insight.adsrvr.org sb.scorecardresearch.com px.owneriq.net realtimeanalytics.yext.com ct.pinterest.com ps.eyeota.net *.sharethis.com obs.segreencolumn.com *.tynt.com guarantee-cdn.com alb.reddit.com tags.bluekai.com *.inspectlet.com apxl.io *.adnxs.com js.intercomcdn.com static.intercomassets.com store.paradoxlabs.com https://redchamps.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com www.apptrian.com *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com app.cpscentral.com cpscentral.ngrok.io clarity.ms *.clarity.ms hvacdirect.com *.ecorebates.com apxl.io *.visualwebsiteoptimizer.com guarantee-cdn.com www.redditstatic.com redditstatic.com *.listrakbi.com listrakbi.com chimpstatic.com ml314.com *.fastsimon.co cdn.shareaholic.net *.owneriq.net cdn.tynt.com de.tynt.com shopperapproved.com www.shopperapproved.com googleoptimize.com www.googleoptimize.com partner.shareaholic.net partner.shareaholic.com m9m6e2w5.stackpathcdn.com bat.bing.com instant.page s7.addthis.com platform-api.sharethis.com *.sharethis.com clickcease.com www.clickcease.com funnelytics.io *.funnelytics.io *.tctm.co *.segreencolumn.com *.intercom.io *.intercomcdn.com *.omappapi.com *.pinimg.com assets.sitescdn.net cdn.noibu.com *.cloudfront.com *.cloudfront.net analytics.tiktok.com app.shop.pe shop.pe addshoppers.s3.amazonaws.com static.ecorebates.com *.inspectlet.com 219994.tctm.xyz/t.js ob.segreencolumn.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com assets.braintreegateway.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com www.shopperapproved.com shopperapproved.com hvacdirect.com *.ecorebates.com a.omappapi.com *.fastsimon.com use.fontawesome.com *.typekit.net cdn.listrakbi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com js.intercomcdn.com hvacdirect.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com hvacdirect.com bl.listrakbi.com *.inspectlet.com *.intercom.io wss: nexus-websocket-a.intercom.io shareaholic.net *.shareaholic.net shareaholic.com *.shareaholic.com sharethis.com *.sharethis.com funnelytics.io *.funnelytics.io googlesyndication.com pagead2.googlesyndication.com doubleclick.net *.doubleclick.net obs.segreencolumn.com bat.bing.com *.tctm.co *.fastsimon.com api.omappapi.com ct.pinterest.com analytics.tiktok.com app.shop.pe *.noibu.com *.breadgateway.net *.clarity.ms apxl.io 219994.tctm.xyz/x.json monitor.clickcease.com www.clickcease.com suggest.instantsearchplus.com dev.visualwebsiteoptimizer.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-iFndauYBKj_p9u9eT72Sdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action https://seo.mageplaza.com www.facebook.com my.ponant.com 'self' 'unsafe-inline'; frame-ancestors wordpress.ponant.com 'self'; frame-src libs.hipay.com media.ponant.com *.youtube.com *.google.com td.doubleclick.net asset.easydmp.net www.facebook.com wordpress.ponant.com my.ponant.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com s.ytimg.com validate.fishpig.co.uk *.ponant.com 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com img.youtube.com *.ytimg.com www.facebook.com d.adroll.com *.google.com *.google.fr bat.bing.com *.linkedin.com www.googletagmanager.com wordpress.ponant.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.youtube.com video.google.com libs.hipay.com mpsnare.iesnare.com maps.googleapis.com *.gstatic.com *.google.com connect.facebook.net targetemsecure.blob.core.windows.net cdn.polyfill.io lib.paymentjs.firstdata.com js.authorize.net jstest.authorize.net po.ponant.com try.abtasty.com hermes.allo-media.net s.adroll.com d.adroll.com d.adroll.mgr.consensu.org ponant.script.admo.tv *.linkedin.com snap.licdn.com bat.bing.com atout.email-match.com www.googletagmanager.com googleads.g.doubleclick.net asset.easydmp.net *.en25.com wordpress.ponant.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com fonts.gstatic.com fonts.googleapis.com s.adroll.com wordpress.ponant.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.ponant.com wordpress.ponant.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src stage-data.hipay.com bat.bing.com site-azp.slgnt.eu data.ponant.com ponant.script.admo.tv ponant.admo.tv hermes.allo-media.net s.adroll.com ariane.abtasty.com dcinfos-cache.abtasty.com widgets.abtasty.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.sagepayments.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://get.geojs.io *.avada.io *.sagepayments.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' https://client.getinchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.google.com https://www.gstatic.com https://cdn.userecho.com https://client.getinchat.com https://yandex.ru/ https://*.yandex.ru https://*.maps.yandex.net; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://*.starline.ru https://*.maps.yandex.net https://*.google.com https://enterprise.api-maps.yandex.ru https://cdn.userecho.com https://*.openstreetmap.org http://yandex.st/ https://yandex.st/ https://mc.yandex.ru; connect-src 'self' ws://*.starline.ru wss://rpl.starline-online.ru https://client.getinchat.com https://mc.yandex.ru https://geocode.starline.ru; frame-src 'self' https://*.google.com https://arkan.ru; 1
default-src 'none'; manifest-src https://teemill.com/app.webmanifest; img-src 'self' https://images.teemill.com https://t.co https://analytics.twitter.com https://www.facebook.com https://bat.bing.com https://www.google.co.uk https://*.analytics.google.com https://www.google-analytics.com https://alb.reddit.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://www.gstatic.com https://www.google.com https://connect.facebook.net https://static.ads-twitter.com https://bat.bing.com https://*.clarity.ms https://www.redditstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://kit.fontawesome.com https://www.datadoghq-browser-agent.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; connect-src 'self' https://api.teemill.com https://metrics.teemill.com https://*.ingest.sentry.io https://*.clarity.ms https://bat.bing.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://*.fontawesome.com https://stats.g.doubleclick.net https://pixel-config.reddit.com https://www.redditstatic.com; frame-src 'self' https://js.stripe.com https://www.google.com https://teemill.com; object-src 'none'; base-uri 'none'; form-action 'none'; 1
default-src 'self' data: blob: https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com; connect-src 'self' data: properties: https://cmfglifeinsurance.us-6.evergage.com https://*.google-analytics.com https://*.google.com https://*.linkedin.com https://*.niceincontact.com https://clientstream.launchdarkly.com/ https://fonts.gstatic.com https://*.optimizely.com https://*.cunamutual.com https://www.nextinsure.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://*.googlesyndication.com https://*.trustage.com https://us-central1-adaptive-growth.cloudfunctions.net https://cdn.linkedin.oribi.io https://s.yimg.com https://*.doubleclick.net https://*.trustagedem.com https://*.trustagedemo.com https://*.oktacdn.com https://*.bing.com https://*.googleapis.com https://cunamutual.okta.com https://cdn.cookielaw.org https://cunamutual.oktapreview.com/ https://*.googleadservices.com/ https://*.qualtrics.com/ https://dc.services.visualstudio.com/ https://*.levelaccess.net https://www.googletagmanager.com https://facebook.com/ https://*.segment.io https://*.segment.com https://*.permutive.com https://calc-backend-prod.herokuapp.com https://www.facebook.com; frame-ancestors 'self' https://trustage.com https://*.optimizely.com https://*.trustagedem.com https://*.trustagedemo.com; frame-src 'self' https://trustage.com https://*.googlesyndication.com https://cunamutual.widen.net https://login.microsoftonline.com https://*.widencdn.net https://*.opendns.com https://*.optimizely.com https://www.youtube.com https://chase.hostedpaymentservice.net https://chase-var.hostedpaymentservice.net https://*.doubleclick.net https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com https://*.oktacdn.com https://www.googletagmanager.com https://*.trustpilot.com/ https://*.flashtalking.com https://*.google.com https://*.qualtrics.com https://*.affec.tv https://*.opendns.com https://www.facebook.com https://*.ceros.com https://home-c27.incontact.com;  script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cmfglifeinsurance.us-6.evergage.com https://*.googlesyndication.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://static-demo.trustage.cloud https://*.trustage.com https://*.googleadservices.com https://*.trustagedem.com https://*.trustagedemo.com https://cdn.cookielaw.org https://*.signalintent.com https://*.google.com https://chase-var.hostedpaymentservice.net https://chase.hostedpaymentservice.net https://cdn.pdst.fm https://snap.licdn.com https://insurance.mediaalpha.com https://us-central1-adaptive-growth.cloudfunctions.net https://s.yimg.com https://*.facebook.net https://geolocation.onetrust.com https://cdn.linkedin.oribi.io https://privacyportal.onetrust.com https://*.google.com https://sp.analytics.yahoo.com https://*.linkedin.com https://www.pagespeed-mod.com https://*.google-analytics.com https://*.salesforceliveagent.com/ https://*.oktacdn.com/ https://*.trustpilot.com/ https://*.gstatic.com/ https://*.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://*.levelaccess.net/ https://*.qualtrics.com/ https://www.googleoptimize.com https://bat.bing.com https://solutions.invocacdn.com https://pnapi.invoca.net https://*.affec.tv/ https://*.evgnet.com/ https://*.ceros.com https://home-c27.incontact.com https://secure.adnxs.com https://cdn.permutive.com https://trkn.us https://www.facebook.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.trustage.com https://cmfglifeinsurance.us-6.evergage.com https://www.gstatic.com https://*.optimizely.com https://*.affec.tv/ https://chase.hostedpaymentservice.net https://*.bing.com https://*.google.com https://*.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://www.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://cdn.pdst.fm https://cdn.cookielaw.org https://snap.licdn.com https://*.qualtrics.com https://s.yimg.com https://*.salesforceliveagent.com https://*.facebook.com https://connect.facebook.net https://www.youtube.com https://bat.bing.com https://*.evgnet.com/ https://*.levelaccess.net https://chase-var.hostedpaymentservice.net https://*.oktacdn.com https://www.googleoptimize.com https://*.trustpilot.com/ https://az416426.vo.msecnd.net/ https://solutions.invocacdn.com https://secure.adnxs.com https://cdn.permutive.com https://*.signalintent.coms https://*.segment.com https://*.ceros.coms; style-src 'self' 'unsafe-inline' https://cmfglifeinsurance.us-6.evergage.com https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com https://*.signalintent.com https://rsms.me https://*.googleapis.com https://*.google.com https://*.googlesyndication.com https://google.ca https://www.googleoptimize.com https://*.google-analytics.com https://*.trustpilot.com/ https://www.youtube.com https://web-modules-de-na1.niceincontact.com  https://pwm-image.trendmicro.com https://cdn.honey.io; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; font-src 'self' data: https://cmfglifeinsurance.us-6.evergage.com https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com https://fonts.cdnfonts.com https://use.fontawesome.com https://static2.sharepointonline.com https://static.zip.co https://embed.signalintent.com https://appservice.azureedge.net/; report-uri /api/csp/report; 1
object-src 'none';base-uri 'self';script-src 'nonce-_zBH7VKh5ilpqeqewLNVYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-C9V4T_oQnVGr90agkipHyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; child-src 'self' *.youtube-nocookie.com *.twitter.com *.gstatic.com *.googleapis.com *.googletagmanager.com 3f5l8ze0o4j2m.cloudfront.net *.youtube.com *.youtube-no-cookie.com *.ytimg.com *.google.com www.google.com https://player.vimeo.com https://www.facebook.com https://staticxx.facebook.com; connect-src 'self' *.twimg.com *.twitter.com *.gstatic.com *.googleapis.com *.google-analytics.com https://www.facebook.com/tr http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://heatmaps.monsido.com https://stats.g.doubleclick.net/ https://analytics.tiktok.com/; frame-src 'self' https://staticcdn.co.nz https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.youtube-nocookie.com *.twitter.com *.gstatic.com *.googleapis.com *.googletagmanager.com 3f5l8ze0o4j2m.cloudfront.net *.youtube.com *.youtube-no-cookie.com *.ytimg.com *.google.com www.google.com https://player.vimeo.com https://www.facebook.com https://staticxx.facebook.com https://optimize.google.com https://tr.snapchat.com https://bid.g.doubleclick.net/; frame-ancestors 'self'; font-src 'self' *.twimg.com *.twitter.com *.gstatic.com *.googleapis.com fonts.gstatic.com fonts.googleapis.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://use.typekit.net data: 'self'; form-action 'self' *.twitter.com https://www.facebook.com/tr/ https://connect.facebook.com https://tr.snapchat.com/; img-src 'self' *.twimg.com *.twitter.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com d3f5l8ze0o4j2m.cloudfront.net *.ytimg.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://staticcdn.co.nz/embed/close.png https://optimize.google.com https://p.typekit.net https://px.ads.linkedin.com https://bat.bing.com/ https://p.adsymptotic.com/ https://www.google.com/ https://www.google.co.nz/ https://tracking.monsido.com/ https://cdn.monsido.com/ https://www.linkedin.com/ https://dc.ads.linkedin.com/ data: https://www.facebook.com https://collect-ap-southeast-2.tealiumiq.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jquery.com *.staticcdn.co.nz https://use.typekit.net https://cdnjs.cloudflare.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://static.hotjar.com/* d3f5l8ze0o4j2m.cloudfront.net https://connect.facebook.net https://staticcdn.co.nz https://www.googletagmanager.com https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://stats.g.doubleclick.net https://optimize.google.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://bat.bing.com https://46e2fa37ca504ebc8217a70ea9c22c81.js.ubembed.com/ https://sc-static.net/ https://www.nmit.ac.nz/ https://app-script.monsido.com/ https://assets.ubembed.com/ https://vxml4.plavxml.com/ https://heatmaps.monsido.com/ https://cdn.monsido.com/ https://analytics.tiktok.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://tags.tiqcdn.com; style-src 'self' 'unsafe-inline' *.twimg.com *.twitter.com *.gstatic.com *.googleapis.com fonts.googleapis.com https://optimize.google.com/optimize/editor/css/css.css https://optimize.google.com https://www.nmit.ac.nz/themes/nmit/css/cookieconsent.min.css; 1
script-src 'report-sample' 'strict-dynamic' 'nonce-Dkrs2NCejyDm' https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; font-src * data: https:; img-src * data: https:; media-src * data: blob: https:; worker-src blob:; connect-src https://*.optimalworkshop.com https://*.dev-optimalworkshop.com https://*.google-analytics.com https://*.intercom.io wss://*.intercom.io https://*.fontawesome.com https://*.doubleclick.net https://*.wistia.com https://*.litix.io https://*.bing.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://*.hotjar.io https://*.bamboohr.com https://*.googlesyndication.com https://*.analytics.google.com https://*.outbrain.com https://*.googleapis.com https://*.hotjar.io https://*.facebook.com wss://*.hotjar.com https://pixel.wp.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://browser-intake-datadoghq.com https://optimalworkshop.formstack.com; style-src https://*.optimalworkshop.com https://*.dev-optimalworkshop.com https://*.google-analytics.com https://*.intercom.io wss://*.intercom.io https://*.fontawesome.com https://*.doubleclick.net https://*.wistia.com https://*.litix.io https://*.bing.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://*.hotjar.io https://*.bamboohr.com https://*.googlesyndication.com https://*.analytics.google.com https://*.outbrain.com https://*.googleapis.com https://*.hotjar.io https://*.facebook.com wss://*.hotjar.com https://pixel.wp.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://browser-intake-datadoghq.com https://optimalworkshop.formstack.com blob: https: 'unsafe-inline'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub2a2917ee82a037666b50209749d4be3a&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Amarketing%2Cenv%3Aproduction 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: wss://*.iitrust.lk wss://*.iitrust.ru:* wss://*.sber-solutions.ru 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.moxa.com *.moxa.com.cn https://*.google.com *.addthis.com *.youtube.com;              style-src 'unsafe-inline' *;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.moxa.com *.moxa.com.cn snap.licdn.com static.ads-twitter.com www.googletagmanager.com www.youtube.com fast.fonts.net  cdn-cms.azureedge.net    *.alicdn.com  *.google-analytics.com *.crazyegg.com *.googleadservices.com cdn.bizible.com                         cdn-akamai.mookie1.com s.ytimg.com *.pingdom.net *.doubleclick.net *.marketo.net        cdn.polyfill.io tags.tiqcdn.com tags.tiqcdn.cn *.marketo.net                         *.usabilla.com *.gstatic.com *.google.com  *.facebook.net *.facebook.com *.addthis.com *.addthisedge.com        *.googleapis.com *.googletagmanager.com *.youtube.com *.moatads.com       cdn.onesignal.com *.swiftypecdn.com *.onesignal.com *.assets.zendesk.com easyid.scansafe.net       static-resource.com cdn-javascript.net gateway.zscaler.net easyid.scansafe.com gateway.zscloud.net       *.optnmnstr.com tribedone.org *.exeloncorp.com linkangood.com filter.nov.com rasenalong.com       osskanger.com yastatic.net;              connect-src 'self' *.mktoresp.com *.pingdom.net *.moxa.com *.moxa.com.cn *.facebook.com *.addthis.com *.google-analytics.com  *.pingdom.net *.doubleclick.net *.zdassets.com *.api.opmnstr.com plugin.ucads.ucweb.com easyid.scansafe.net;     frame-src 'self' *.doubleclick.net *.addthis.com *.google.com *.mookie1.com *.youtube.com *.googleapis.com *.akamaihd.net *.facebook.com  ;     img-src 'self' data: *;      font-src 'self' data: *;     media-src 'self' data: *.gstatic.com  *.azureedge.net;      report-uri https://moxacsp.report-uri.com/r/d/csp/reportOnly 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/wallet_google 1
object-src 'none';base-uri 'self';script-src 'nonce-RxL3uGfgUDLEGeuRJa0rpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' essentialed.com *.essentialed.com passged.com *.passged.com d2lpurk2qe2oc.cloudfront.net d3ebkza70oew6x.cloudfront.net dpg0n9q1lsnov.cloudfront.net d37nqy2yusfq54.cloudfront.net d2pfk5on3dtp5q.cloudfront.net js-agent.newrelic.com bam.nr-data.net *.typekit.net *.google.com *.google.ca *.google.com.mx *.google.co.uk *.google.de *.googletagmanager.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.googlesyndication.com *.gstatic.com *.wistia.com *.wistia.net *.litix.io *.credly.com *.hubspot.com *.hs-banner.com *.hs-analytics.net *.hs-analytics.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hscollectedforms.net *.plyr.io *.crazyegg.com *.hotjar.com analytics.tiktok.com *.bing.com hiset.org *.clarity.ms *.jquery.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.paypal.com *.paypalobjects.com js.stripe.com *.facebook.com *.facebook.net widget.trustpilot.com *.wisernotify.com *.wisermapp.com wnreports.azurewebsites.net data: ws: wss: about: blob:; frame-ancestors 'self' essentialed.com *.essentialed.com passged.com *.passged.com; report-to csp-endpoint 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.polyfill.io https://cb-tsc.linz.at https://m.youtube.com https://stats.linz.at https://unpkg.com https://www.etermin.net https://www.youtube.com;style-src 'self' 'report-sample' 'unsafe-inline' cdnjs.cloudflare.com openlayers.org unpkg.com;object-src 'none';frame-src 'self' *.youtube.com www.etermin.net www.youtube-nocookie.com;child-src 'self' www.youtube.com;img-src 'self' data: *.wien.gv.at *.ytimg.com *.youtube.com cdnjs.cloudflare.com unpkg.com;font-src 'self' cdnjs.cloudflare.com cb-tsc.linz.at unpkg.com;connect-src 'self' *.linz.at cdnjs.cloudflare.com maps.wien.gv.at noembed.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';prefetch-src 'self';worker-src 'self'; 1
report-uri /_/csp-reports 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; upgrade-insecure-requests; block-all-mixed-content 1
object-src 'none';base-uri 'self';script-src 'nonce-B33Cx8w3cl7up-LXbjEllw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' bat.bing.com www.gstatic.com s.adroll.com d.adroll.com connect.facebook.net googleapis.com www.google-analytics.com www.googletagmanager.com *.pure.cloud js.braintreegateway.com; report-uri https://csp.withgoogle.com/csp/webpass/20191113_experiment; 1
object-src 'none';base-uri 'self';script-src 'nonce-T2TfoF2cZm9EejAn1Asx2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tDOo83H2TsxWhuztu8fLOg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' tenet.okta.com login.etenet.com *.oktacdn.com; connect-src 'self' tenet.okta.com tenet-admin.okta.com login.etenet.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com tenet.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' tenet.okta.com login.etenet.com *.oktacdn.com; style-src 'unsafe-inline' 'self' tenet.okta.com login.etenet.com *.oktacdn.com; frame-src 'self' tenet.okta.com tenet-admin.okta.com login.etenet.com login.okta.com *.vidyard.com; img-src 'self' tenet.okta.com login.etenet.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' tenet.okta.com login.etenet.com data: *.oktacdn.com fonts.gstatic.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: wroclaw.intelix.pl:63981 www.google.com *.sr.gov.pl wss://waf.intelix.pl wss://wroclaw.intelix.pl:63981 maps.google.com static.site24x7rum.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-waHgHgK6eiZxxdggq1la5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://*.gstatic.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.narvar.com *.narvar.qa script.hotjar.com fonts.googleapis.com fonts.gstatic.com *.inside-graph.com integration-cdn.toshi.co acsbapp.com shopping.qantas.com appdown.pstatic.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.cardinalcommerce.com www.facebook.com *.kaptcha.com bid.g.doubleclick.net ct.pinterest.com www.rsa3dsauth.co.uk www.securesuite.co.uk *.americanexpress.com 3dsecure-vrp.de 'self' 'unsafe-inline'; frame-ancestors au-tracker.inside-graph.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.google.com *.doubleclick.net *.facebook.com *.pinterest.com *.sharethis.com *.hotjar.co vimeo.com acsbapp.com *.kaptcha.com player.smartzer.com www.google.com www.facebook.com accounts.accessibe.com dashboard.accessibe.com cestream.me 3ds.sia.eu acs2.3dsecure.no www.houzz.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://*.gstatic.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.narvar.com *.narvar.qa adservice.google.com script.hotjar.com www.google.sa www.google.ca *.bing.com *.clarity.ms data:* web1.acsbapp.com integration-sandbox-cdn.toshi.co www.google.bg www.google.be www.google.co.uk www.google.nl www.gstatic.com translate.google.com idsync.rlcdn.com consent.linksynergy.com au-live.inside-graph.com bam-cell.nr-data.net integration-cdn.toshi.co bat.bing.com www.google.com.au google.com.au *.searchspring.io *.media.tumblr.com s.ytimg.com maps.googleapis.com maps.gstatic.com au-cdn.inside-graph.com www.google.co.in d3cgm8py10hi0z.cloudfront.net track.linksynergy.com *.sharethis.com *.micpn.com *.pinterest.com zimmermann.com www.google.tn www.google.com.hk www.google.com.et www.google.com.eg www.google.co.tz www.google.ci www.google.co.ke www.google.cm www.google.lk www.google.com.ng www.google.ne www.google.com.mm www.google.co.mz www.google.co.id www.google.bi www.google.com.kh www.google.co.ve www.google.cd www.google.com.gh www.google.so www.google.com.af www.google.ht www.google.com.ni www.google.la www.google.cg www.google.bf www.google.sn www.google.com.ly www.google.mg www.google.com.sb www.google.com.pg www.google.com.np sync.sharethis.com www.google.com.py www.google.ml www.google.com.sl www.google.co.ls www.google.to www.google.gm www.google.rw www.google.com.vn www.google.com.sv www.google.co.kr www.google.com.bo www.google.com.sg www.google.mw www.google.si www.google.tl www.google.sc www.google.co.zm www.google.tg www.google.com.pk 4mrr1kwk.micpn.com www.google.ge www.google.com.fj www.google.com.na www.google.td www.google.ee www.google.mk www.google.bj www.google.mn www.google.bt www.google.co.bw www.google.fi www.google.com.uy www.google.co.th www.google.com.pe www.google.cv www.google.co.zw www.google.ga www.google.by www.google.iq www.google.com.ec www.google.co.jp www.google.com.pa www.google.dz www.google.ws analytics.tiktok.com www.google.gy www.google.de sdk.privacy-center.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://cdn.searchspring.net/intellisuggest/is.min.js analytics.tiktok.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com *.searchspring.net *.acsbapp.com au-tracker.inside-graph.com cdn.scarabresearch.com intljs.rmtag.com *.inside-graph.co js-agent.newrelic.com *.inside-graph.com acsbapp.com tag.lexer.io *.toshi.co *.bugsnag.com *.sharethis.com script.crazyegg.com *.clarity.ms www.fullstory.com songbirdstag.cardinalcommerce.com www.gstatic.com vimeocdn.com youtube.com googletagmanager.com maps.googleapis.com fullstory.com bat.bing.com 4mrr1kwk.micpn.com s.pinimg.com tag.rmp.rakuten.com *.hotjar.com ut.rd.linksynergy.com ct.pinterest.com unsafe-inline sdk.privacy-center.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.inside-graph.com *.searchspring.net webchat.dotdigital.com cdn.honey.io *.aptrinsic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa au-cdn.inside-graph.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://beacon.searchspring.io/beacon analytics.tiktok.com data.stbuttons.click www.google.com.au translate.googleapis.com *.searchspring.io *.acsbapp.co cdn.acsbapp.com au-live.inside-graph.com bam.nr-data.net uat.tryzens-analytics.com:12280 *.scarabresearch.com wss://au-live.inside-graph.com  *.bugsnag.com *.postcodeanywhere.co.uk *.sharethis.com script.crazyegg.com stats.g.doubleclick.net *.pinterest.com track.lexer.io www.tryzens-analytics.com:12280 www.google.co.ke www.google.bi pagestates-tracking.crazyegg.com www.google.com.sl www.google.co.ao www.google.cm www.google.com.np www.google.cd www.google.co.ve www.google.lk www.google.co.tz www.google.com.ng www.google.so www.google.ne www.google.co.id www.google.co.ls www.google.tn assets-tracking.crazyegg.com www.google.ht www.google.co.mz acsbapp.com www.google.com.co cp.crwdcntrl.net www.google.ci tracking.crazyegg.com www.google.co.za www.google.tl www.google.com.pk www.google.com.sv www.google.com.ly www.google.mg www.google.tg www.google.gm www.google.com.eg www.google.co.kr www.google.bf www.google.sn www.google.ga www.google.bj ad.doubleclick.net www.google.cg www.google.com.ar www.google.co.ma www.google.com.et www.google.fr www.google.com.na www.google.co.uk www.google.nl www.google.ml www.google.rw www.google.com.uy www.google.com.bo www.google.com.ni www.google.ki www.google.ee www.google.com.gt www.google.com.py www.google.com.gh www.google.com.kh www.google.com.vn www.google.ru www.google.cv www.google.com.mm www.google.co.zm www.google.vu www.google.com.ec www.google.es www.google.at bat.bing.com vc.hotjar.io www.google.de ws.hotjar.com content.hotjar.io metrics.hotjar.io www.google.ca www.tryzens-analytics.com ct.pinterest.com www.google.com.pe www.google.co.in www.google.ge googleads.g.doubleclick.net fresnel.vimeocdn.com api.privacy-center.org pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/zmn-cspdata; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-z_HyOV1eBZfnhxmx_XUDBQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-7dLOBoIwef1uYsj5q2Z5rw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.smaprendizaje.com *.smapplications.net *.educamos.sm *.grupo-sm.com *.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.smaprendizaje.com *.smapplications.net *.educamos.sm *.grupo-sm.com www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net *.fontawesome.com static.cloudflareinsights.com *.cloudflare.com cdn.segment.com sdk.privacy-center.org *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net; img-src 'self' data: blob: *.amazonaws.com *.smaprendizaje.com *.smapplications.net *.educamos.sm *.grupo-sm.com cdn.jsdelivr.net *.blob.core.windows.net *.google-analytics.com *.googletagmanager.com; font-src 'self' data: www.google.com fonts.gstatic.com fonts.googleapis.com *.fontawesome.com cdn.jsdelivr.net ms-browser-extension; frame-src 'self' blob *.smaprendizaje.com *.smapplications.net *.educamos.sm *.grupo-sm.com *.amazonaws.com httpbin.org login.microsoftonline.com *.educamos.sm *.google.com; connect-src 'self' blob: *.smaprendizaje.com *.smapplications.net *.educamos.sm *.grupo-sm.com *.azurewebsites.net *.fontawesome.com *.google-analytics.com *.doubleclick.net *.privacy-center.org cdn.jsdelivr.net cdn.segment.com; report-uri https://csp-report-pro.smapplications.net/ 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com https://cdn.checkout.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com https://fonts.intercomcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.google.com www.google.com *.awin1.com *.zenaps.com *.doubleclick.net https://js.checkout.com *.klarna.com *.meetanshi.com www.facebook.com platform.twitter.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com payment.preprod.direct.worldline-solutions.com m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com *.issuu.com *.worldline-solutions.com https://consent.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.awin1.com *.zenaps.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.meetanshi.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.pixriot.com *.storeimaging.com m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com www.google.co.uk *.doubleclick.net https://*.intercomcdn.com https://*.intercomassets.com https://googleads.g.doubleclick.net https://www.google.com.au https://lantern.roeye.com https://media.jasm2.co.uk https://www.google.com https://i3.ytimg.com/vi/ALWbVXwk0Eg https://edge.marker.io https://widget.trustpilot.com https://invitejs.trustpilot.com https://bat.bing.com https://connect.facebook.com https://s.pinimg.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://i3.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://cdn.checkout.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.meetanshi.com connect.facebook.net twitter.com platform.twitter.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com payment.preprod.direct.worldline-solutions.com m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com www.google.co.uk https://www.google.co.uk *.google.co.uk https://*.google.co.uk *.hotjar.com https://*.hotjar.com region1.analytics.google.com https://region1.analytics.google.com *.analytics.google.com https://*.analytics.google.com *.intercom.io https://payment.direct.worldline-solutions.com https://jacks11170.pcapredict.com/js/sensor.js *.doubleclick.net https://*.intercomcdn.com https://*.postcodeanywhere.co.uk https://lantern.roeyecdn.com ajax.cloudflare.com static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js www.gstatic.com https://edge.marker.io https://widget.trustpilot.com https://invitejs.trustpilot.com https://bat.bing.com https://connect.facebook.com https://connect.facebook.net https://s.pinimg.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://polyfill.io https://consent.youtube.com https://static.hotjar.com https://js.checkout.com https://fpjs.checkout.com https://fpjscache.checkout.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline https://cdn.checkout.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com tagmanager.google.com m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com https://*.postcodeanywhere.co.uk 'self' 'unsafe-inline'; object-src m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com 'self' 'unsafe-inline'; media-src *.adobe.com m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com 'self' 'unsafe-inline'; manifest-src m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com https://the.sciencebehindecommerce.com https://js.checkout.com *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.meetanshi.com *.pixriot.com *.storeimaging.com https://www.google-analytics.com payment.preprod.direct.worldline-solutions.com m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com *.doubleclick.net *.hotjar.com https://*.hotjar.com *.hotjar.io ws.hotjar.com wss://ws.hotjar.com www.google.co.uk https://www.google.co.uk *.google.co.uk https://*.google.co.uk region1.analytics.google.com https://region1.analytics.google.com *.analytics.google.com https://*.analytics.google.com https://api-iam.intercom.io https://js.intercomcdn.com *.bing.com wss://nexus-websocket-a.intercom.io https://widget.trustpilot.com https://api.marker.io https://ct.pinterest.com https://bam.eu01.nr-data.net https://fcm.googleapis.com https://www.facebook.com https://bam.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.awin1.com *.zenaps.com m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com http: https: blob: 'self' 'unsafe-inline'; default-src m2media.jacksonsart.com https://m2media.jacksonsart.com *.jacksonsart.com https://*.jacksonsart.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'strict-dynamic' 'nonce-qSUs4TTVu7OSuZvddnj8bQ=='; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cookielaw.org *.doubleclick.net *.facebook.com *.facebook.net prod-spr-livechat-secure.s3.amazonaws.com *.googlesyndication.com *.sprinklr.com bat.bing.com *.gstatic.com www.googletagmanager.com *.googleapis.com flask.nextdoor.com www.google-analytics.com vc.hotjar.io www.racetrac.com *.hotjar.com tags.srv.stackadapt.com *.onetrust.com *.adsrvr.org www.google.com s3.amazonaws.com ads.nextdoor.com sc-static.net assets.onestore.ms *.snapchat.com prod-spr-livechat.s3.amazonaws.com analytics.google.com cdn.resonate.com ds.reson8.com appleid.cdn-apple.com adservice.google.com *.cloudinary.com px.adentifi.com prod.cdata.app.sprinklr.com.s3.amazonaws.com *.googleadservices.com *.azureedge.net prod-cdata-secure.sprinklr.com.s3.amazonaws.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.matomo.cloud https://heritagefund.matomo.cloud https://cdnjs.cloudflare.com https://polyfill-fastly.io https://heritagefund.matomo.cloud/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://cdn.matomo.cloud https://heritagefund.matomo.cloud https://cdnjs.cloudflare.com https://polyfill-fastly.io; style-src 'self' 'unsafe-inline' https://p.typekit.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://p.typekit.net/; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-71fcWOR2L0cBKJfeMV9Iug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-m67Tyqx5a9F14gEo8HS0VQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com beacon.etfflows.com www.socialintents.com vettafi.com *.licdn.com adservice.google.com *.wisdomtree.com www.google-analytics.com api.wisdomtreeprimeapp.com bat.bing.com cdn.jsdelivr.net *.googleadservices.com rum-static.pingdom.net pt.ispot.tv consentcdn.cookiebot.com cdn.evgnet.com *.facebook.com *.twitter.com *.doubleclick.net *.facebook.net use.typekit.net ka-f.fontawesome.com *.linkedin.com t.co *.clarity.ms *.gstatic.com region1.google-analytics.com consent.cookiebot.com *.evergage.com rum-collector-2.pingdom.net *.googlesyndication.com ad.wsod.com *.ads-twitter.com www.google.com p.typekit.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-sXPF67gjmPEH7cICTYdo1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.vidyard.com euc-widget.freshworks.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com play.vidyard.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' ajax.googleapis.com euc-widget.freshworks.com www.google-analytics.com www.googletagmanager.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' ajax.googleapis.com euc-widget.freshworks.com www.d-hosting.nl www.google-analytics.com www.googletagmanager.com; script-src-attr 'unsafe-inline'; style-src 'self' euc-widget.freshworks.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' euc-widget.freshworks.com fonts.googleapis.com maxcdn.bootstrapcdn.com www.d-hosting.nl; style-src-attr 'unsafe-inline'; img-src 'self' www.d-hosting.nl www.google-analytics.com www.gstatic.com www.googletagmanager.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' euc-widget.freshworks.com www.google-analytics.com; frame-src 'self' www.googletagmanager.com; frame-ancestors 'self'; form-action 'self'; report-uri https://07d95ef832b8e7e3fcc49a07cb322378.report-uri.com/r/d/csp/wizard 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: staticw2.yotpo.com *.hotjar.com cdn.flbx.io services-s1.cbdistillery.com xxredda.s3.amazonaws.com cdn.swellrewards.com www.googletagmanager.com use.fontawesome.com static.ordergroove.com aggle.net static.klaviyo.com bes.gcp.data.bigcommerce.com cdn01.basis.net sc-static.net wss://vst.heatmap.com secure.addrexx10.com www.cloudflare.com collector-azsx401.dmp.cnna.io cfg.heatmap.com *.outbrain.com *.taboola.com ids.cdnwidget.com *.online-metrix.net dashboard.heatmap.com onsite-api.listrak.com addshoppers.s3.amazonaws.com *.criteo.com api.bounceexchange.com p.yotpo.com tracking.lqm.io exchange.mediavine.com page.cdnbasket.net ipv4.podscribe.com e.cdnwidget.com sync.aralego.com *.gstatic.com acsbapp.com herb.aggle.net shop.pe e1.emxdgt.com cbdistillery-bc.ordergroove.com eb2.3lift.com alocdn.com *.sitescout.com *.pubmatic.com sentry.io addstrap-ui.addshoppers.com www.google-analytics.com a.klaviyo.com ad.tpmn.co.kr sync.dmp.cnna.io wss://service.heatmap.com verifi.podscribe.com contextual.media.net web.chtbl.com payments.bigcommerce.com cdn-swell-assets.yotpo.com view.cdnbasket.net imgs.signifyd.com tapestry.tapad.com *.twitter.com analytics.google.com 8xzkg94z39.execute-api.us-west-2.amazonaws.com cdn11.bigcommerce.com ih.adscale.de *.googleapis.com tr2.smarterhq.io shopper.shop.pe *.snapchat.com *.ads-twitter.com loyalty.yotpo.com sync-criteo.ads.yieldmo.com tags.cnna.io www.google.com events.bouncex.net d.impactradius-event.com c.bing.com tags.srv.stackadapt.com cdn-4.convertexperiments.com ww.steelhousemedia.com db.revoffers.com restapi.ordergroove.com mediacdn.espssl.com metrics.hotjar.io b-code.liadm.com trkn.us ade.clmbtech.com s1.listrakbi.com *.doubleclick.net *.facebook.com cdn.aggle.net *.cloudfront.net match.sharethrough.com maxcdn.bootstrapcdn.com *.rubiconproject.com tsdtocl.com *.casalemedia.com cdn-widgetsrepository.yotpo.com www.dwin1.com id.a-mx.com criteo-partners.tremorhub.com tag.bounceexchange.com cdn.listrakbi.com *.smartadserver.com nytrng.com static-tracking.klaviyo.com ext.chtbl.com *.criteo.net react.bigcommerce.production.listrak.com cbdistillery.vxoy.net s3.amazonaws.com criteo-sync.teads.tv dx.steelhousemedia.com bl.listrakbi.com *.adsrvr.org c.heatmap.com product.listrakbi.com sync.1rx.io at1.listrakbi.com static-forms.klaviyo.com s.ad.smaato.net assets.bounceexchange.com kns.heatmap.com cdn-scripts.signifyd.com cdn.acsbapp.com data.cdnbasket.net services.cbdistillery.com p.gcprivacy.com pd.cdnwidget.com oc.listrakbi.com content.hotjar.io service.trafficroots.com app.shop.pe visitor.omnitagjs.com match.360yield.com analytics.webgains.io t.co microapps.bigcommerce.com ad.360yield.com fast.a.klaviyo.com *.facebook.net connect.getflowbox.com *.openx.net a.usbrowserspeed.com *.adnxs.com cdn.jsdelivr.net i.liadm.com p2.gcprivacy.com *.bidswitch.net rp.liadm.com trends.revcontent.com manage.safeopt.com jadserve.postrelease.com script.flowershop.media px.steelhousemedia.com d.impct.site i.geistm.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
frame-ancestors 'none'; report-uri https://vault.gostatera.com/collect/csp 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://app.upsellit.com/hound/monitor.jsp https://bat.bing.com/bat.js https://cdn.optimizely.com/js/27961920457.js https://cdn.rollbar.com/rollbarjs/refs/tags/v2.21.0/rollbar.min.js https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz https://d.impactradius-event.com/A1240932-0549-4e86-80c7-638e7bbeaaa41.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1023893609/ https://philes.sparefoot.com/assets/44134285d7bc10d35139f3e0fbe71c8777d6f843/main.js https://privacyconsentmgmt.storable.com/cq_Storable/prod/Bootstrap.js https://rum-static.pingdom.net/pa-51c33a5fabe53dc464000000.js https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587 https://www.clarity.ms/s/0.7.32/clarity.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.upsellit.com/active/sparefoot.jsp; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://privacyconsentmgmt.storable.com https://cdn.optimizely.com https://cdn.rollbar.com https://philes.sparefoot.com https://static.cloudflareinsights.com https://cdn.segment.com https://www.googletagmanager.com https://www.google-analytics.com https://www.upsellit.com https://www.clarity.ms https://bat.bing.com  https://d.impactradius-event.com https://rum-static.pingdom.net https://googleads.g.doubleclick.net https://app.upsellit.com https://c.clarity.ms; style-src 'report-sample' 'self'; style-src-elem 'self' 'unsafe-inline' ; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://bat.bing.com https://cdn.segment.com https://logx.optimizely.com https://rum-collector-2.pingdom.net https://sparefoot.pxf.io https://stats.g.doubleclick.net https://u.clarity.ms https://www.google-analytics.com https://www.google.co.in; font-src 'self' https://philes.sparefoot.com; frame-src 'self' https://a27961920457.cdn.optimizely.com https://td.doubleclick.net; img-src 'self' data: https://bat.bing.com https://logs-01.loggly.com https://philes.sparefoot.com https://privacyconsentmgmt.storable.com https://tracking-service.sparefoot.com https://www.google.co.in https://www.google.com https://www.ojrq.net https://c.bing.com https://c.clarity.ms; manifest-src 'self'; media-src 'self'; report-uri https://66556511ba0fe9f975804bb9.endpoint.csper.io/?v=0; worker-src 'none'; 1
default-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com; upgrade-insecure-requests; 1
default-src 'self' https://cdn.monetnik.ru; style-src 'self' https://cdn.monetnik.ru 'unsafe-inline' https://yastatic.net https://fonts.googleapis.com https://*.mindbox.ru;  object-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://cdn.monetnik.ru https://googleads.g.doubleclick.net https://www.google-analytics.com  https://apis.google.com https://adspire.io/  https://track.adspire.io  https://top-fwz1.mail.ru  https://vk.com https://*.mindbox.ru https://yastatic.net  https://www.googletagmanager.com https://mc.yandex.ru https://cdn.scarabresearch.com;  connect-src 'self' https://cdn.monetnik.ru https://mc.yandex.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://top-fwz1.mail.ru/ https://*.mindbox.ru https://vk.com https://mc.yandex.ru https://o446164.ingest.sentry.io https://recommender.scarabresearch.com;  img-src https: data:;  frame-src https://mc.yandex.com https://mc.yandex.ru https://blackfire.io https://content.adriver.ru  https://www.youtube.com  https://www.googletagmanager.com  https://yandex.ru;  worker-src blob:;  font-src 'self' https://cdn.monetnik.ru fonts.gstatic.com; report-uri /external-event/log/csp/ 1
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-9UY5fKAxzoskJLX4XkzJlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-8f8PD7Isyww4mz1xs51tkpcGCxkJQGm/m7g25p799q8='; base-uri 'self';report-to csp-endpoint 1
default-src 'self' *.cumulusmedia.com 'report-sample'; base-uri 'self'; script-src 'self' *.cumulusmedia.com 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' *.googletagmanager.com *.google-analytics.com stats.wp.com form.jotform.com cdn.jotfor.ms *.cookielaw.org 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' *.onetrust.com connect.facebook.net 'nonce-LEAdvYu/Rb22kf2M1XQbuDqR' 'report-sample'; style-src 'self' 'unsafe-inline' *.cumulusmedia.com fonts.googleapis.com cdn.jotfor.ms 'report-sample'; img-src 'self' data: *.cumulusmedia.com *.wp.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org; font-src 'self' data: *.cumulusmedia.com fonts.gstatic.com; connect-src 'self' *.cumulusmedia.com *.google-analytics.com *.doubleclick.net submit.jotform.com *.cookielaw.org *.onetrust.com; object-src 'none'; frame-src 'self' *.cumulusmedia.com *.jotform.com; report-uri https://www.cumulusmedia.com/wp-admin/admin-ajax.php?action=wpshr 1
default-src 'self' adobedtm.com *.adobedtm.com adsrvr.org *.adsrvr.org afterpay.com *.afterpay.com bazaarvoice.com *.bazaarvoice.com boldchat.com *.boldchat.com brcdn.com *.brcdn.com cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org demdex.net *.demdex.net doubleclick.net *.doubleclick.net ensighten.com *.ensighten.com facebook.com *.facebook.com facebook.net *.facebook.net flipp.com *.flipp.com flippenterprise.net *.flippenterprise.net fullstory.com *.fullstory.com genpt.com *.genpt.com google-analytics.com *.google-analytics.com google.ca *.google.ca google.com *.google.com googletagmanager.com *.googletagmanager.com klaviyo.com *.klaviyo.com launchdarkly.com *.launchdarkly.com maps.googleapis.com *.maps.googleapis.com napacanada.com *.napacanada.com napaonline.com *.napaonline.com newrelic.com *.newrelic.com nr-data.net *.nr-data.net omtrdc.net *.omtrdc.net onetrust.com *.onetrust.com paypal.com *.paypal.com paypalobjects.com *.paypalobjects.com scene7.com *.scene7.com signifyd.com *.signifyd.com simpli.fi *.simpli.fi vimeo.com *.vimeo.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ZCVPicYq.2qXqWY8W5i7.gWC1UGD1DGsokHjpvPCuF4-1721958698-1.0.1.1-Hh01fD9qmKasBxXWgeQCgVQl9y9zntxsgyQORaM654iP9nSIVxY7D7GRjBcrQVfLcTOlEDJoPOGKvyzude0bX1vBPYfpH2DmJgMcdS8dS42v4gQ.C6XoHzvtuYWJynsYLjMeQIhLIuOHqSiHrLBjPpDg9y14w94Hox_ZYC3QGaZff4ivmv6eduCgFUqG0t95PT.OCom8NpmophwYBoc.OA; report-to cf-wykknqcackdgtpyj 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=91461ede-d096-4f47-8b5f-bfcca34f663e; report-to csp-endpoint; frame-ancestors 'none' 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' hr2day-5629.my.salesforce-sites.com hcaptcha.com *.googleadservices.com googleads.g.doubleclick.net snap.licdn.com bat.bing.com www.redditstatic.com sc-static.net analytics.tiktok.com *.snapchat.com platform.twitter.com content.presspage.com *.unibuddy.co *.ipify.org *.hotjar.com *.windows.net *.customsearch.ai *.msecnd.net *.google.com *.googletagmanager.com *.google-analytics.com wss: *.linkedin.com *.facebook.net *.googleapis.com youtube.com *.youtube.com *.gstatic.com *.jsdelivr.net *.apple.com *.facebook.com *.mzstatic.com data:; img-src 'self' *.inholland.nl *.googletagmanager.com googleads.g.doubleclick.net *.presspage.com *.google-analytics.com *.youtube.com *.ytimg.com alb.reddit.com px.ads.linkedin.com www.google.com www.google.nl *.bing.com www.facebook.com data:; connect-src 'self' *.google-analytics.com *.hotjar.com *.visualstudio.com *.customsearch.ai *.doubleclick.net *.hotjar.io www.redditstatic.com *.snapchat.com analytics.pangle-ads.com analytics.tiktok.com px.ads.linkedin.com region1.analytics.google.com api.presspage.com bat.bing.com *.google.nl; style-src-elem 'self' 'unsafe-inline' content.presspage.com *.windows.net *.googleapis.com; font-src 'self' *.gstatic.com content.presspage.com; frame-src 'self' hr2day-5629.my.salesforce-sites.com *.youtube.com *.unibuddy.co *.google.com *.doubleclick.net *.snapchat.com platform.twitter.com www.facebook.com; frame-ancestors 'self'; report-uri https://cspreporter-inh.azurewebsites.net/api/CspReports 1
object-src 'none';base-uri 'self';script-src 'nonce-PVChutKkwei7KvFMXMYj_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: unpkg.com *.state.nj.us *.gstatic.com www.redditstatic.com cdn.boomtrain.com *.nj.gov www.google.com i.ytimg.com syndicatedsearch.goog nj.gov t.co events.api.boomtrain.com sp.analytics.yahoo.com public.govdelivery.com l.sharethis.com cdnjs.cloudflare.com dialogflow.cloud.google.com *.rfihub.net *.rfihub.com content.govdelivery.com *.cloudfront.net *.fbcdn.net use.typekit.net alb.reddit.com static.dialogflow.com *.googleapis.com *.sharepoint.com *.facebook.com maxcdn.bootstrapcdn.com *.siteimproveanalytics.io bcvippi02.rightnowtech.com www.njlottery.com *.custhelp.com s.yimg.com use.fontawesome.com siteimproveanalytics.com bcp.crwdcntrl.net live.rezync.com *.adsrvr.org cdn.honey.io analytics.google.com *.arcgis.com ka-f.fontawesome.com www.google-analytics.com people.api.boomtrain.com www.rnengage.com *.addthis.com *.office.com www.googletagmanager.com *.googleadservices.com server.arcgisonline.com *.facebook.net placeimg.com platform-api.sharethis.com region1.google-analytics.com translate.google.com *.twitter.com oss.maxcdn.com clients1.google.com cse.google.com pixel-config.reddit.com *.ads-twitter.com fonts.google.com sdk.amazonaws.com njdoc.gov p.typekit.net adservice.google.com www.youtube.com stackpath.bootstrapcdn.com cognito-identity.us-east-1.amazonaws.com imgssl.constantcontact.com code.jquery.com www.njsp.org *.doubleclick.net *.linkedin.com kit.fontawesome.com *.licdn.com nightly.datatables.net *.adnxs.com cdn.jsdelivr.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.beautysuccess.fr fonts.googleapis.com googleapis.com https://cdnjs.cloudflare.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.weltpixel.com secure-gateway.hipay-tpp.com *.hipay.com libs.hipay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net *.beautysuccess.fr maps.googleapis.com googleapis.com maps.gstatic.com *.openstreetmap.org api.maptiler.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.googletagmanager.com tagmanager.google.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.beautysuccess.fr *.googletagmanager.com maps.googleapis.com googleapis.com api.socloz.com *.hipay-tpp.com https://cdnjs.cloudflare.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com tagmanager.google.com *.hipay.com *.beautysuccess.fr googleapis.com libs.hipay.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io https://www.google-analytics.com *.hipay.com wss://mpsnare.iesnare.com *.beautysuccess.fr api.maptiler.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src  *.zipmoney.com.au *.iyzipay.com *.gstatic.com *.cloudfront.net *.zip.co *.checkout.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.euw2.pure.cloud *.adyen.com *.brightcove.net *.salecycle.com *.tradedoubler.com *.pure.cloud 'self' 'unsafe-inline';img-src *.s3.amazonaws.com *.dyson.lv *.zipmoney.com.au *.boldchat.com *.mktgcdn.com *.dyson.vn *.sc-trc.com *.doubleclick.net *.google.com *.doubleclick.net *.google.co.in *.afterpay.com *.euw2.pure.cloud *.facebook.com *.adyen.com *.assetsadobe2.com *.zip.co *.amazonaws.com *.adobe.com *.google-analytics.com *.riskified.com *.dyson.com.ro *.bazaarvoice.com *.omtrdc.net *.yahoo.net *.googletagmanager.com *.brightcove.com *.boltdns.net *.dyson.co.uk data: 'self' 'unsafe-inline';script-src https://mt.adobe.launch.script.test.js/ *.bambuser.com *.boldchat.com *.queue-it.net *.dyson.lv *.cloudfront.net *.dyson.com *.newrelic.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.bazaarvoice.com *.optimizely.com *.nr-data.net *.newrelic.com *.euw2.pure.cloud *.afterpay.com *.googletagmanager.com *.go-mpulse.net *.facebook.net *.brightcove.net *.amazonaws.com *.salecycle.com *.riskified.com *.zencdn.net *.zipmoney.com.au *.zip.co *.pure.cloud blob: 'self' 'unsafe-inline' 'unsafe-eval';style-src *.amazonaws.com *.googleapis.com *.optimizely.com *.checkout.com *.zip.co 'self' 'unsafe-inline';object-src *.euw2.pure.cloud 'self' 'unsafe-inline';child-src *.euw2.pure.cloud blob: 'self' 'unsafe-inline';media-src *.s3.amazonaws.com *.cloudfront.net *.assetsadobe.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src *.dyson.lv *.akstat.io *.boldchat.com wss://websocket.bold360.com *.google.com *.googleadservices.com *.demdex.net wss://webmessaging.euw2.pure.cloud *.nanorep.co *.nr-data.net *.adyen.com *.cloudfront.net *.amazonaws.com *.newrelic.com *.omtrdc.net *.bazaarvoice.com *.go-mpulse.net *.google-analytics.com *.salecycle.com *.doubleclick.net *.zip.co *.riskified.com *.zipmoney.com.au *.pure.cloud *.brightcove.com *.boltdns.net *.akamaihd.net 'self' 'unsafe-inline';base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ifvrZ2lGIv_jVoV1MeBEiw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com staticw2.yotpo.com static.klaviyo.com *.fontawesome.com *.alothemes.com *.magepow.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.youtube.com www.facebook.com tpc.googlesyndication.com pinterest.com tr.snapchat.com ct.pinterest.com paymentcapture.resin.com payments.amazon.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com *.azureedge.net *.highlights.com bat.bing.com ct.pinterest.com log.pinterest.com markhor.organicfruitapps.com www.facebook.com cdn-vzn.yottaa.net p.yotpo.com collector-9323.us.tvsquared.com tr2.smarterhq.io login.dotomi.com login-ds.dotomi.com sp.analytics.yahoo.com t.co instagram.com d3k81ch9hvuctc.cloudfront.net global.smarterhq.io assets.bounceexchange.com events.bouncex.net tr.snapchat.com idr.cdnwidget.com c.bing.com bam.nr-data.net c.clarity.ms https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudfront.net *.smarterhq.io *.highlights.com www.facebook.com s.pinimg.com bat.bing.com autolinkmaker.itunes.apple.com collector-9323.us.tvsquared.com assets.pinterest.com payments.qa-cloud.buysub.com identity.qa-cloud.buysub.com static.klaviyo.com s.yimg.com platform.twitter.com static.ads-twitter.com analytics.twitter.com www.google.com www.googleoptimize.com tpc.googlesyndication.com staticw2.yotpo.com https://api.bounceexchange.com/ assets.bounceexchange.com js-agent.newrelic.com/ lsdm.co mpsnare.iesnare.com *.mpsnare.iesnare.com wss://mpsnare.iesnare.com static-tracking.klaviyo.com bam.nr-data.net tag.wknd.ai track.securedvisit.com *.clarity.ms sc-static.net paymentcapture.resin.com cdn.quantummetric.com analytics.tiktok.com paymentcapture-staging.resin.com static-na.payments-amazon.com *.siteintercept.qualtrics.com *.abtasty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.highlights.com payments.qa-cloud.buysub.com static.klaviyo.com use.typekit.net p.typekit.net staticw2.yotpo.com *.fontawesome.com https://static.klaviyo.com *.alothemes.com *.magepow.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com *.highlights.com ct.pinterest.com stats.g.doubleclick.net bat.bing.com tr2.smarterhq.io payments-api.qa-cloud.buysub.com static-forms.klaviyo.com telemetrics.klaviyo.com a.klaviyo.com s.yimg.com www.facebook.com staticw2.yotpo.com bam.nr-data.net adservice.google.com wss://mpsnare.iesnare.com *.clarity.ms *.cdnbasket.net tr.snapchat.com pd.cdnwidget.com static-na.payments-amazon.com dfp.bouncex.net events.bouncex.net analytics.tiktok.com highlights-app.quantummetric.com *.siteintercept.qualtrics.com *.abtasty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com *.abtasty.com 'self' 'unsafe-eval'; base-uri 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-uzdNWM74xUh1EFpPwfIs3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https://www.googleoptimize.com https://tagmanager.google.com https://cdn.tagcommander.com https://cdn.trustcommander.net https://www.dwin1.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://bat.bing.com https://*.doubleclick.net https://www.axa-video.de https://www.google.com https://cdn.ampproject.org https://platform.commandersact.com https://optimize.google.com https://connect.facebook.net https://cdn.trustcommander.net https://dynamic.criteo.com https://static.criteo.net/ *.visualwebsiteoptimizer.com app.vwo.com  https://s.pinimg.com https://ct.pinterest.com 'self' 'unsafe-inline'  'unsafe-eval' blob:   ;style-src https://fonts.googleapis.com https://www.gstatic.com *.visualwebsiteoptimizer.com app.vwo.com 'self' 'unsafe-inline'   ;frame-src https://entry.axa-de.intraxa/ https://entry.axa.de/ https://entry.axa.de https://www.axa-video.de https://www.axa.de https://inte.axa.de https://*.doubleclick.net https://optimize.google.com https://cdn.tagcommander.com https://cdn.trustcommander.net https://www.dwin1.com https://connect.facebook.net https://www.facebook.com https://td.doubleclick.net https://googleads.g.doubleclick.net https://www.awin1.com app.vwo.com *.visualwebsiteoptimizer.com https://ct.pinterest.com 'self'; base-uri 'self'; object-src 'none'; img-src https://ct.pinterest.com https://track.adform.net https://ad.doubleclick.net https://www.facebook.com https://bat.bing.com https://www.google.com https://www.google.de https://www.google-analytics.com https://www.google https://www.googletagmanager.com https://region1.analytics.google.com https://googleads.g.doubleclick.net https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://adservice.google.com https://fonts.gstatic.com https://stats.g.doubleclick.net *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com https://bat.bing.com data: 'self'; form-action 'self'; default-src blob: 'self'; connect-src https://ct.pinterest.com https://www.googleadservices.com https://region1.analytics.google.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://bat.bing.com https://privacy.trustcommander.net https://privacy.commander1.net https://privacy.commander1.com https://www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com https://pagead2.googlesyndication.com https://adservice.google.com https://analytics.google.com https://www.google.de https://www.google.com https://api.datacloudstat.com https://api.fbanalytics.org https://region1.google-analytics.com https://ad.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com 'self'; font-src https://fonts.gstatic.com 'self';report-uri /site/axa-de/cspReportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-rwgywjHHH87FQAC2pE4V3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com; script-src  'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com https://googletagmanager.com https://*.googletagmanager.com https://epoq-systems.de http://epoq-systems.de https://*.epoq-systems.de http://*.epoq-systems.de https://epoq.de http://epoq.de https://*.epoq.de http://*.epoq.de https://google.com https://*.google.com https://googleanalytics.com https://*.googleanalytics.com https://google-analytics.com https://*.google-analytics.com https://googlesyndication.com https://*.googlesyndication.com https://gstatic.com https://*.gstatic.com https://googleapis.com https://*.googleapis.com https://googleadservices.com https://*.googleadservices.com bat.bing.com https://*.hotjar.com https://*.hotjar.io https://datatrans.com https://*.datatrans.com https://cookielaw.org https://*.cookielaw.org https://*.trustpilot.com https://pay.google.com https://sandbox.secure.checkout.visa.com *.kameleoon.eu 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com exlibris.azureedge.net exlibris.blob.core.windows.net https://epoq.de https://*.epoq.de https://migros.ch https://*.migros.ch https://*.google.de https://*.google.ch https://*.google.com https://*.google.it https://*.google.li https://*.google.tn https://*.google.co.uk https://*.google.com.sa https://*.google.ba https://google-analytics.com https://*.google-analytics.com https://google-analytics.ch https://*.google-analytics.ch https://google.com https://*.google.com https://analytics.google.com https://*.analytics.google.com https://analytics.google.ch https://*.analytics.google.ch https://googleapis.com https://*.googleapis.com bat.bing.com https://doubleclick.net https://*.doubleclick.net https://g.doubleclick.net https://*.g.doubleclick.net https://cookielaw.org https://*.cookielaw.org https://onetrust.com https://*.onetrust.com https://onetrust.io https://*.onetrust.io https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://hotjar.com https://raygun.io https://*.raygun.io *.kameleoon.io; style-src 'self' 'unsafe-inline' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com https://googleapis.com https://*.googleapis.com https://google.com https://*.google.com fast.fonts.net https://epoq-systems.de https://*.epoq-systems.de https://epoq.de https://*.epoq.de http://epoq-systems.de http://*.epoq-systems.de http://epoq.de http://*.epoq.de; img-src 'self' dhttps data: https://baqend.com https://*.baqend.com https://exlibris.ch https://*.exlibris.ch https://googletagmanager.com https://*.googletagmanager.com exlibris.azureedge.net https://epoq-systems.de https://*.epoq-systems.de https://epoq.de https://*.epoq.de http://epoq-systems.de http://*.epoq-systems.de http://epoq.de http://*.epoq.de https://gstatic.com https://*.gstatic.com https://googleapis.com https://*.googleapis.com https://google-analytics.com https://*.google-analytics.com https://doubleclick.net https://*.doubleclick.net https://g.doubleclick.net https://*.g.doubleclick.net https://googlesyndication.com https://*.googlesyndication.com https://*.google.de https://*.google.ch https://*.google.at https://*.google.fr https://*.google.hr https://*.google.dz https://*.google.nl https://*.google.es https://*.google.it https://*.google.li https://*.google.lu https://*.google.sc https://*.google.si https://*.google.co.uk https://*.google.co.in https://*.google.com https://*.google.com.pa https://*.google.com.ph https://*.google.com.gh https://*.google.com.tr https://*.google.com.br https://*.google.com.cy https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io bat.bing.com https://cookielaw.org https://*.cookielaw.org optanon.blob.core.windows.net exlibris.blob.core.windows.net https://migros.ch https://*.migros.ch https://ytimg.com https://*.ytimg.com; media-src 'self' data https://exlibris.ch https://*.exlibris.ch exlibris.blob.core.windows.net https://*.phononet.de/ exlibris.azureedge.net; frame-src 'self' https://exlibris.ch https://*.exlibris.ch https://google.de https://*.google.de https://google.com https://*.google.com https://googletagmanager.com https://*.googletagmanager.com https://googlesyndication.com https://*.googlesyndication.com https://youtube.com https://*.youtube.com https://datatrans.com https://*.datatrans.com https://bic-media.com https://*.bic-media.com https://youtube-nocookie.com https://*.youtube-nocookie.com https://doubleclick.net https://*.doubleclick.net https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io https://tradedoubler.com https://*.tradedoubler.com https://blickinsbuch.de https://*.blickinsbuch.de https://book2look.com https://*.book2look.com https://postfinance.ch https://*.postfinance.ch https://viseca.ch/ https://*.viseca.ch/ https://bonuscard.ch/ https://*.bonuscard.ch/ https://3ds.bonuscard.ch/ https://*.3ds.bonuscard.ch/ https://arcot.com/ https://*.arcot.com/ https://*.trustpilot.com https://pay.google.com https://sandbox.secure.checkout.visa.com https://3d.datatrans.com https://3d.sandbox.datatrans.com; font-src 'self' data https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com https://gstatic.com https://*.gstatic.com https://google.com https://*.google.com https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io; manifest-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com; frame-ancestors 'self' https://exlibris.ch https://*.exlibris.ch; report-uri /loc/csp-report 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorize.net *.google.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com *.vimeo.com s.ytimg.com *.googlesyndication.com *.hotjar.com unpkg.com *.googleapis.com investors.danaher.com cdn.cookielaw.org *.onetrust.com *.marketingcloudfx.com *.leadmanagerfx.com *.usefathom.com; object-src *.oembed.com *.vimeo.com *.youtube.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com *.gstatic.com *.typekit.net *.jsdelivr.net maxcdn.bootstrapcdn.com investors.danaher.com *.onetrust.com; img-src 'self' 'unsafe-inline' data: maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com zensource-salisbury.s3.amazonaws.com chat.mcsoftware.com *.timevaluecalculators.com *.ytimg.com cdn.cookielaw.org *.vimeocdn.com *.usefathom.com; media-src *.vimeo.com *.youtube.com *.spotify.com *.vimeocdn.com 'self'; frame-src 'self' 'unsafe-inline' *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com vars.hotjar.com *.spotify.com *.vimeo.com player.vimeo.com; font-src data: 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.onetrust.com; connect-src 'self' 'unsafe-inline' *.authorize.net *.facebook.com *.onetrust.com stats.addtoany.com *.google-analytics.com cdn.cookielaw.org *.hotjar.com:* *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com stats.g.doubleclick.net *.clarity.ms privacyportal-de.onetrust.com *.marketingcloudfx.com  *.leadmanagerfx.com; report-uri /report-csp-violation 1
connect-src 'self' https://cdn.cookielaw.org https://script.crazyegg.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://js.hs-banner.com https://forms.hsforms.com https://api.hubapi.com https://forms.hubspot.com https://px.ads.linkedin.com https://*.litix.io https://geolocation.onetrust.com https://plausible.io https://*.taboola.com https://*.wistia.com https://browser-intake-datadoghq.com ;font-src 'self' data: https://use.typekit.net https://fast.wistia.com ;frame-src 'self' https://td.doubleclick.net https://www.facebook.com https://www.instagram.com ;img-src data: 'self' https://*.chanzuckerberg.com https://chanzuckerberg.com https://cdn.cookielaw.org https://pubads.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://forms-na1.hsforms.com https://track.hubspot.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://*.wistia.com https://pixel.wp.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://static.ads-twitter.com https://cdn.cookielaw.org https://script.crazyegg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.hsleadflows.net https://platform.instagram.com https://snap.licdn.com https://plausible.io https://js.sentry-cdn.com https://cdn.taboola.com https://trc.taboola.com https://fast.wistia.com https://stats.wp.com ;style-src 'unsafe-inline' 'self' ;style-src-attr 'unsafe-inline' 'self' ;style-src-elem 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net ;report-to csp-endpoint ;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubee796abd71ff260dba67db9985d02ee4&dd-evp-origin=content-security-policy&ddsource=csp-report ; 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://legacy.bizagi.com/widgetxchange https://legacy.bizagi.com/connectorxchange https://legacy.bizagi.com/processxchange https://ads.avocet.io/s https://api8842.d41.co/sync/ https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js https://cdn-ukwest.onetrust.com https://fast.wistia.com/assets/external/E-v1.js https://fast.wistia.net/assets/external/E-v1.js https://go.bizagi.com https://rules.quantcount.com/rules-p-dqL8dKXwytyHn.js https://secure.quantserve.com/quant.js https://static.hotjar.com https://ws.zoominfo.com/pixel/60f704e07d506a0012173451 https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://fast.wistia.com/embed/medias/6ouujy4kfq.jsonp https://fast.wistia.com/assets/external/translations/es.js https://www.googletagmanager.com https://fast.wistia.com/assets/external/wistia-mux.js https://fast.wistia.com/assets/external/videoThumbnail.js https://fast.wistia.com/assets/external/engines/hls_video.js https://fast.wistia.com/assets/external/playPauseLoadingControl.js https://fast.wistia.com/assets/external/interFontFace.js https://fast.wistia.com/assets/external/allIntegrations.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__es_419.js https://resourcesbizagi.azureedge.net/docs/MailChecker.js https://jsonip.com/ https://script.hotjar.com https://bizagi.com/en/lottie-player.js https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__es.js https://*.hotjar.com/ https://tags.clickagy.com/data.js https://tribl.io/h.js https://tribl.io/footer.js https://tribl.io/analytics.js https://fast.wistia.com/embed/medias/8xwdohsz1t.jsonp https://fast.wistia.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://tracking.g2crowd.com/ https://cdn.bizible.com/scripts/bizible.js; style-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://go.bizagi.com; object-src 'none'; base-uri 'self'; connect-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.clickagy.com https://vc.hotjar.io https://jproduction-bizagi.cloud.jahia.com https://legacy.bizagi.com/widgetxchange/services https://ws.zoominfo.com https://legacy.bizagi.com/connectorxchange/services https://legacy.bizagi.com/processxchange/services https://api8842.d41.co https://cdn-ukwest.onetrust.com https://distillery.wistia.com https://embed-fastly.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://in.hotjar.com https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com https://esb-bizagi.bizagi.com/oauth2/server/token https://dxp-dev.bizagi.com/en/countries.json https://dxp-dev.bizagi.com/en/jobrole.json https://dxp-dev.bizagi.com/en/type.json https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://bizagi.com/en/bizagi-loader.json https://privacyportal-uk.onetrust.com/request/v1/consentreceipts https://esb-bizagi.bizagi.com/oData/data/processes(056561d8-3a8e-4546-9489-bbaa2ea29bf4)/start https://fast.wistia.com/embed/medias/8xwdohsz1t.m3u8 https://fast.wistia.com/ https://px.ads.linkedin.com/; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://fast.wistia.net https://go.bizagi.com https://vars.hotjar.com https://www.youtube.com https://www.google.com/ https://td.doubleclick.net/; img-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://legacy.bizagi.com/widgetxchange/Resources https://legacy.bizagi.com/connectorxchange/Resources https://legacy.bizagi.com/processxchange/Resources https://embed-fastly.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://pixel.quantserve.com https://www.google-analytics.com https://www.google.com https://www.google.com.co https://www.google.com.uk https://www.google.co/ https://www.google.es/ https://x.bidswitch.net https://legacy.bizagi.com/connectorxchange/Resources/c73836db-f498-4027-8395-611484c9e219/images/icon-xchange.svg https://tribl.io/_t.gif https://www.google.com.co/ads/ga-audiences https://embed-ssl.wistia.com/deliveries/76dc36db0c7dabefae0fdfebccefc15d.webp https://embed-ssl.wistia.com/ https://px.ads.linkedin.com/ https://cdn.bizible.com/ https://resourcesbizagi.azureedge.net/images/ico/favicon.ico; manifest-src 'self'; media-src blob: 'self'; worker-src blob:;; report-uri /sites/bizagi/home.contentSecurityPolicyReportOnly.do 1
default-src 'self' cdn.yellowmessenger.com fonts.gstatic.com www.g2.com; script-src 'self' f.vimeocdn.com js-agent.newrelic.com cdn.yellowmessenger.com pi.pardot.com bam.nr-data.net go.leadspace.com cdnjs.cloudflare.com sfc.leadspace.com www.googletagmanager.com cmp.osano.com www.google-analytics.com googleads.g.doubleclick.net snap.licdn.com stats.sa-as.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com connect.facebook.net tracking.g2crowd.com static.hotjar.com www.g2.com script.hotjar.com platform.twitter.com static.ads-twitter.com; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com www.g2.com; img-src 'self' www.g2.com px.ads.linkedin.com media-exp1.licdn.com stats.sa-as.com px4.ads.linkedin.com www.google.com p.adsymptotic.com www.facebook.com cdn.yellowmessenger.com 1
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.yotpo.com *.bootstrapcdn.com *.fontawesome.com data: *.audioeye.com *.cloudmaestro.com *.webscalenetworks.net use.fontawesome.com maxcdn.bootstrapcdn.com *.narvar.com *.narvar.qa dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.signifyd.com *.braintreegateway.com *.kaptcha.com *.google.com/ https://www.youtube.com *.twitter.com *.online-metrix.net *.paypal.com *.olark.com *.audioeye.com *.force.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.cdn-btsg.com *.pinterest.com *.adsrvr.org *.attn.tv *.paypalobjects.com *.yotpo.com swellrewards.com *.swellrewards.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://plumrocket.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com store.paradoxlabs.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.youtube.com *.lightemporium.com *.usercentrics.eu *.yotpo.com *.snakeriverfarms.com *.signifyd.com *.online-metrix.net *.narvar.com *.olark.com *.cdninstagram.com *.cloudfront.net *.fbcdn.net *.cloudmaestro.com *.bing.com *.google.com *.google.com.pk *.webscalenetworks.net *.facebook.net *.a.klaviyo.com *.klaviyo.com *.cookiepro.com *.cdn-btsg.com *.payments-amazon.com *.nr-data.net *.pinterest.com *.adsrvr.org *.steelhousemedia.com *.googletagmanager.com swellrewards.com *.swellrewards.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.narvar.qa https://www.magezon.com shareasale.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://static.afterpay.com https://site-assets.afterpay.com/ dhv2ziothpgrr.cloudfront.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com *.cloudflare.com *.braintreegateway.com *.braintree-api.com *.twitter.com *.google-analytics.com *.googleapis.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.yotpo.com *.googlecommerce.com *.google.com/ *.algolia.net *.signifyd.com *.paypal.com *.narvar.com *.olark.com *.amazon.com *.swellrewards.com *.audioeye.com *.cloudmaestro.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.bing.com *.doubleclick.net *.force.com *.salesforceliveagent.com *.webscalenetworks.net 'self' data: *.facebook.net *.dotdigital-pages.com *.cookiepro.com *.cdn-btsg.com *.pinimg.com *.mountain.com *.adsrvr.org *.impactcdn.com swellrewards.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.dwin1.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.yotpo.com *.bootstrapcdn.com *.narvar.com *.olark.com *.audioeye.com *.cloudmaestro.com *.force.com *.webscalenetworks.net *.a.klaviyo.com *.klaviyo.com *.cookiepro.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com tagmanager.google.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa *.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com commerce.adobedtm.com commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolianet.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com *.yotpo.com *.signifyd.com *.signifyd.com:11103 *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.braintree-api.com *.braintreegateway.com *.olark.com *.vimeo.com *.audioeye.com *.nr-data.net *.doubleclick.net *.google-analytics.com *.bing.com *.a.klaviyo.com *.klaviyo.com *.cookiepro.com *.onetrust.com *.cdn-btsg.com *.googleapis.com *.pinterest.com *.google.com swellrewards.com *.swellrewards.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com google.com https://www.google-analytics.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-5ux7WAMQutNaKWd5YOckbw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=AI20TSH9bdOK7agH0QUo62jYfwlWP.Fk9dsYhx5rBCE-1721955928-1.0.1.1-gtf6ZUqE9lNzqXNmDHCR.5GmM34ly96DVwj0_3jkXw18rMqO43KZXxPt9YONqVnnGc1pGgBaUaEenRtyyDCEaicNDkHs4XsO.Uzk2i_BTPWfyZtjRh2Ms_8FHY9xtq2wgZpaSheJXCkyu4h7gYjOEySOovQUVEOMGlGaSeLbDpmCK_qKN1hLaq4NyaZsrUak87vHW7LzohRuMw8ILIWbxA; report-to cf-zymlraudaessxygu 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.gstatic.com data: *.klarnacdn.net *.fontawesome.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.playground.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.facebook.com *.bing.com *.coccinelle.com stileo.it *.cookiebot.com *.google.it *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com *.klarna.com *.klarnaevt.com *.webtrekk.net *.wt-eu02.net https://fbc.wcfbc.net https://*.flx1.com/ https://dmp.adform.net/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de kit.fontawesome.com *.cookiebot.com *.jsdelivr.net *.facebook.net *.clarity.ms *.bing.com glamipixel.com *.coccinelle.com *.rakuten.com *.rmtag.com *.criteo.com *.adobedtm.com *.cardinalcommerce.com *.doubleclick.net *.google.com *.r-data.net *.accelasearch.io *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com *.klarna.com *.avada.io https://responder.wt-safetag.com https://*.flx1.com/ https://www.googletagmanager.com https://*.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cookiebot.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.coccinelle.com *.criteo.com *.klarnaevt.com *.playground.klarnaevt.com *.klarnaservices.com *.playground.klarnaservices.com *.klarnacdn.net *.klarna.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://*.flx1.com/ https://*.gstatic.com https://jamie.g.shortest-route.com https://*.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-_UcoLSVnn2xXsaf0aU_gcg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src  *.zipmoney.com.au *.iyzipay.com *.gstatic.com *.cloudfront.net *.zip.co *.checkout.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.euw2.pure.cloud *.demdex.net *.brightcove.net *.adyen.com *.salecycle.com *.cloudfront.net *.tradedoubler.com 'self' 'unsafe-inline';img-src *.dyson.lt *.afterpay.com *.zipmoney.com.au *.demdex.net *.everesttech.net *.bazaarvoice.com *.sc-trc.com *.doubleclick.net *.dyson.vn *.facebook.com *.euw2.pure.cloud *.adyen.com *.assetsadobe2.com *.amazonaws.com *.adobe.com *.google-analytics.com *.riskified.com *.google.com *.google.co.in *.omtrdc.net *.googletagmanager.com *.zip.co *.dyson.co.uk *.brightcove.com *.boltdns.net *.dyson.com.ro data: 'self' 'unsafe-inline';script-src https://mt.adobe.launch.script.test.js/ *.boldchat.com *.queue-it.net *.newrelic.com *.cloudfront.net *.dyson.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.bazaarvoice.com *.optimizely.com *.nr-data.net *.newrelic.com *.euw2.pure.cloud *.googletagmanager.com *.go-mpulse.net *.facebook.net *.channeladvisor.com *.brightcove.net *.amazonaws.com *.salecycle.com *.zip.co *.afterpay.com *.zipmoney.com.au *.riskified.com *.zencdn.net blob: 'self' 'unsafe-inline' 'unsafe-eval';style-src *.googleapis.com *.optimizely.com *.checkout.com *.zip.co 'self' 'unsafe-inline';object-src *.euw2.pure.cloud 'self' 'unsafe-inline';child-src *.euw2.pure.cloud blob: 'self' 'unsafe-inline';media-src *.s3.amazonaws.com *.cloudfront.net *.assetsadobe.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src *.akstat.io *.cloudfront.net *.bazaarvoice.com wss://websocket.bold360.com *.nr-data.net *.googleadservices.com *.adyen.com *.amazonaws.com *.google.com *.newrelic.com *.omtrdc.net *.go-mpulse.net *.google-analytics.com *.dyson.lt *.doubleclick.net *.google-analytics.com *.demdex.net *.salecycle.com wss://webmessaging.euw2.pure.cloud *.zip.co *.riskified.com *.zipmoney.com.au *.boltdns.net *.pure.cloud *.akamaihd.net *.brightcove.com 'self' 'unsafe-inline';base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; script-src 'none'; object-src 'none'; frame-ancestors 'self' 1
default-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com ; script-src 'unsafe-inline' https: http: 'unsafe-eval' https://www.gstatic.com ; report-uri /csp-violation/ 1
object-src 'none';base-uri 'self';script-src 'nonce-YGzlc05rahtD8BTpgDxyBQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.mogucdn.com https://*.mogucdn.com http://*.juangua.com https://*.juangua.com http://*.meilishuo.com https://*.meilishuo.com http://*.meilishuo.net https://*.meilishuo.net http://*.mogujie.com https://*.mogujie.com http://*.qq.com https://*.qq.com http://*.mogujie.org https://*.mogujie.org http://*.meili-inc.com https://*.meili-inc.com http://*.mogu.com https://*.mogu.com http://*.mogu-inc.com https://*.mogu-inc.com; report-uri http://sd.mogujie.com/index.php 1
default-src *; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: data: blob:; img-src 'self' https: data:; connect-src *; font-src 'self' https: data:; media-src 'self' https: data:; report-uri *; child-src *; form-action * *.simplesat.io; frame-ancestors *; object-src *; frame-src *; worker-src *; manifest-src *; navigate-to *; base-uri * 1
default-src 'self' *.viabenefits.com; style-src 'self' *.viabenefits.com *.cobrowse.pega.com 'unsafe-inline'; connect-src 'self' localhost:7777 *.viabenefits.com *.fullstory.com *.qualtrics.com *.comm100.io *.launchdarkly.com *.services.visualstudio.com *.applicationinsights.azure.com cdn.jsdelivr.net www.google-analytics.com *.usw2.pure.cloud; img-src 'self' data: *.viabenefits.com *.qualtrics.com *.comm100.io https://rs.fullstory.com media.umbraco.io i.vimeocdn.com content.destinationrx.com content.sunfirematrix.com *.cloudfront.net;script-src 'self' *.viabenefits.com *.cobrowse.pega.com *.fullstory.com www.googletagmanager.com js.monitor.azure.com *.qualtrics.com *.comm100.com 'unsafe-eval' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-PK72zRafneT_Uu1hk-CocQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com data: *.cloudflare.com *.typekit.net *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.superoffice.com *.addthis.com *.google.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com unsafe-inline *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src 'self' http: https: *.google.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.appdynamics.com col.eum-appdynamics.com fonts.gstatic.com ajax.googleapis.com www.googleapis.com fonts.googleapis.com use.fontawesome.com www.w3schools.com home.textkernel.nl staging.textkernel.nl www.dropbox.com apis.google.com www.google.com html5shim.googlecode.com media.readspeaker.com s7.addthis.com d2sl310zdnr3q6.cloudfront.net www.google-analytics.com https://apps.knollenstein.com https://appsdev.knollenstein.com font.visma.com *.easycruit.com m.addthis.com api-public.addthis.com flowanalytic.site networkanalytics.xyz knowledge-and-support-center.visma.net m.addthisedge.com apply.indeed.com content.googleapis.com commondatastorage.googleapis.com themes.googleusercontent.com www.googletagmanager.com fast.fonts.net db.onlinewebfonts.com hello.myfonts.net cdnjs.cloudflare.com d1fc8wv8zag5ca.cloudfront.net connect.facebook.net emea3.recruitmentplatform.com tag.goldenbees.fr s.ytimg.com www.findizer.fr webfonts.zohostatic.com platform.linkedin.com zgao.nl cdn.ontame.io *.ziggeo.com *.amazonaws.com api-eu-west-1.ziggeo.com embed-cdn-eu-west-1.ziggeo.com embed-eu-west-1.ziggeo.com assets.ziggeo.com hc-cdn.visma.net cdn.wootric.com production.wootric.com eligibility.wootric.com *.onetrust.com cdn.cookielaw.org https://storage.googleapis.com/snowplow-cto-office-tracker-bucket/3.1.1/sp.js https://snowplow.visma.com/com.snowplowanalytics.snowplow/tp2 *.sharethis.com www.gstatic.com easycruit.com; img-src 'self' data: * 'unsafe-inline' 'unsafe-eval'; report-uri https://easycruit.com/api/logging/v1/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-_SZCcGq4VgYfJ3cKmALDMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/mapsplatform_google_com 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://kst-admin.thg-corporate.com https://www.facebook.com https://www.google-analytics.com;frame-ancestors 'none'; font-src 'self' data: 'unsafe-inline' https://fcdn.thg-corporate.com/; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://player.vimeo.com https://*.vimeocdn.com https://*.facebook.com; img-src 'self'  https://fcdn.thg-corporate.com/ https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com; child-src 'self'; script-src 'self' 'strict-dynamic' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://fcdn.thg-corporate.com/; object-src 'none'; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net; worker-src 'none'; media-src 'self' https://fcdn.thg-corporate.com/ https://*.gstatic.com; report-uri https://csp.thehut.net/cspReport.txt 1
report-uri /csp_report;base-uri 'self';default-src 'self' blob: data: js.intercomcdn.com intercom.help *.intercom.io intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net fonts.gstatic.com *.hotjar.com www.facebook.com bid.g.doubleclick.net googleads.g.doubleclick.net https://*.googlesyndication.com *.fontawesome.com www.google.com assets.nflxext.com accounts.google.com *.googleapis.com https://dev-ipg.icards.eu https://api2.amplitude.com/2/httpapi https://*.clarity.ms *.paypal.com *.sandbox.paypal.com;object-src 'self' blob: neterra.tv *.neterra.tv;style-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com ia.media-imdb.com https://api2.amplitude.com/2/httpapi;img-src * https: data:;connect-src 'self' neterra.tv payments.neterra.tv wss://elk-stats.neterra.tv 127.0.0.1:8999 staging.neterra.tv *.google-analytics.com analytics.google.com *.analytics.google.com region1.analytics.google.com *.googlesyndication.com http://sumo.com *.sumo.com *.hotjar.com www.google.bg www.google.com stats.g.doubleclick.net *.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com *.neterra.tv:443 www.facebook.com *.fontawesome.com csi.gstatic.com fundingchoicesmessages.google.com securepubads.g.doubleclick.net https://dev-ipg.icards.eu https://api2.amplitude.com/2/httpapi sumome.com *.sumome.com www.sandbox.paypal.com https://*.mdc.akamaized.net https://*.google.com https://www.clarity.ms https://www.paypal.com https://*.clarity.ms www.google.co.uk https://adservice.google.com https://*.visualwebsiteoptimizer.com;script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.geotrust.com www.geotrust.com www.gstatic.com ia.media-imdb.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.googlesyndication.com p.media-imdb.com *.facebook.com *.facebook.net *.sumo.com *.hotjar.com *.intercom.io js.intercomcdn.com https://www.googletagmanager.com https://adservice.google.bg https://adservice.google.com https://www.googletagservices.com *.fontawesome.com appleid.cdn-apple.com apis.google.com partner.googleadservices.com www.google.com securepubads.g.doubleclick.net fundingchoicesmessages.google.com *.googleapis.com *.google.com *.2mdn.net https://dev-ipg.icards.eu https://api2.amplitude.com/2/httpapi https://*.clarity.ms https://*.sumome.com *.paypal.com static.cloudflareinsights.com www.youtube.com load.sumome.com sumome.com https://www.paypalobjects.com https://*.visualwebsiteoptimizer.com https://*.tiny.cloud;form-action 'self' https://neterra.tv www.facebook.com epay.bg www.epay.bg demo.epay.bg https://dev-ipg.icards.eu https://api2.amplitude.com/2/httpapi *.paypal.com;media-src 'self' *.neterra.tv neterra.tv *.googlevideo.com *.googleapis.com https://api2.amplitude.com/2/httpapi *.clarity.ms blob: *.mdc.akamaized.net;font-src 'self' data: fonts.intercomcdn.com *.fontawesome.com fonts.gstatic.com;frame-src 'self' data: td.doubleclick.net www.google.com tpc.googlesyndication.com googleads.g.doubleclick.net pagead2.googlesyndication.com www.youtube.com https://www.paypalobjects.com https://accounts.google.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net cdn.jsdelivr.net www.googletagmanager.com *.doubleclick.net esse.riafy.in *.googleapis.com unpkg.com *.gstatic.com www.kvb.co.in analytics.google.com ilogin.kvb.co.in *.facebook.com cdnjs.cloudflare.com www.google.co.in www.youtube.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.hyundaidealer.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.bootstrapcdn.com *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.typeform.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com https://plumrocket.com 'self' business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com *.google.com https://plumrocket.com *.hotjar.com *.addthis.com *.libsyn.com *.locally.com *.sheerid.com *.wayin.com *.newtonsoftware.com https://recruitingbypaycor.com/ *.curalate.com *.formstack.com *.trackcmp.net *.google-analytics.com *.nr-data.net data: *.typeform.com *.pagescdn.com *.yextpages.net business.facebook.com *.googleapis.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com store.paradoxlabs.com *.google.com *.mageside.com mageside.com *.bc0a.com *.curalate.com *.s3.amazonaws.com *.amazonaws.com *.leupold.com *.googleapis.com *.gstatic.com *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.typeform.com *.b0e8.com https://img.youtube.com business.facebook.com maps.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com s7.addthis.com *.google.com *.gstatic.com *.authorize.net *.hotjar.com *.curalate.com *.app-us1.com *.avmws.com *.acsbapp.com acsbapp.com *.googleapis.com *.googletagmanager.com *.paypalobjects.com *.sheerid.com *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.cloudfront.net *.locally.com *.wayin.com *.activehosted.com *.newtonsoftware.com recruitingbypaycor.com *.leupold.com *.trackcmp.net *.google-analytics.com trackcmp.net *.vimeo.com *.apptrian.com *.facebook.com *.typeform.com *.sitescdn.net *.yextpages.net *.pagescdn.com *.b0e8.com *.bc0a.com *.kaptcha.com business.facebook.com https://www.googletagmanager.com tagmanager.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.sheerid.com *.bootstrapcdn.com *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.typeform.com *.sitescdn.net tagmanager.google.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com ekr.zdassets.com/ *.authorize.net *.bc0a.com *.hotjar.com wss://*.hotjar.com *.addthis.com *.googleapis.com *.acsbapp.com *.curalate.com *.hotjar.io *.trackcmp.net *.google-analytics.com *.g.doubleclick.net *.typeform.com *.pagescdn.com *.yext.com *.yext-pixel.com *.kaptcha.com business.facebook.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' data:; 1
object-src 'none';base-uri 'self';script-src 'nonce-cutSpS3e2gedamRrcqytbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-9iVemNWf2TYRNkLpoJRoiw==' 1
default-src 'self' https: data: wss: http: umbraco.tv packages.umbraco.org our.umbraco.org; block-all-mixed-content; form-action https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com umbraco.tv packages.umbraco.org our.umbraco.org code.jquery.com fonts.googleapis.com use.typekit.net unpkg.com cdn.jsdelivr.net ajax.aspnetcdn.com kit.fontawesome.com www.googletagmanager.com www.recaptcha.net www.google.com www.google-analytics.com www.gstatic.com js.authorize.net jstest.authorize.net;font-src 'self' https: data: fonts.gstatic.com use.typekit.net kit-pro.fontawesome.com;img-src 'self' https: data: umbraco.tv packages.umbraco.org our.umbraco.org p.typekit.net www.goole-analytics.com www.gstatic.com www.googletagmanager.com;media-src https: data: umbraco.tv packages.umbraco.org our.umbraco.org p.typekit.net;style-src 'self' 'unsafe-inline' https: data: use.typekit.net p.typekit.net fonts.googleapis.com kit-pro.fontawesome.com unpkg.com cdn.jsdelivr.net; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.woodpeck.com fonts.gstatic.com cdn.materialdesignicons.com mediacdn.espssl.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.networkmerchants.com www.google.com vars.hotjar.com www.paypalobjects.com *.g.doubleclick.net *.vimeo.com www.youtube-nocookie.com *.listrak.com secure.windriverfinancialgateway.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.networkmerchants.com *.gstatic.com *.googleapis.com *.facebook.com flagpedia.net https://redchamps.com maps.gstatic.com *.woodpeck.com *.bm23.com *.g.doubleclick.net www.google.ae www.google.am www.google.com.ar www.google.at www.google.com.au www.google.az www.google.be www.google.com.bh www.google.com.br www.google.com.bs www.google.by www.google.ca www.google.ch www.google.cl www.google.com.co www.google.co.cr www.google.com.cy www.google.cz www.google.de www.google.dk www.google.com.do www.google.ee www.google.es www.google.fi www.google.fr www.google.gy www.google.com.hk www.google.hr www.google.hu www.google.gr www.google.co.id www.google.ie www.google.co.il www.google.co.in www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.com.lb www.google.lk www.google.lu www.google.lv www.google.co.kr www.google.com.kw www.google.kz www.google.mk www.google.mn www.google.mw www.google.com.mx www.google.com.my www.google.com.ng www.google.nl www.google.no www.google.co.nz www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.pl www.google.com.pr www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.com.sa www.google.se www.google.com.sg www.google.si www.google.sk www.google.com.sv www.google.co.th www.google.com.tr www.google.com.tw www.google.com.ua www.google.co.uk www.google.com.uy www.google.co.za translate.google.com www.facebook.com mediacdn.espssl.com *.listrakbi.com code.jquery.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.networkmerchants.com polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com *.facebook.net *.avada.io maps.googleapis.com *.woodpeck.com *.hotjar.com *.g.doubleclick.net browser-update.org www.google.com *.algolia.net *.algolianet.com connect.facebook.net *.listrak.com *.listrakbi.com code.jquery.com secure.windriverfinancialgateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.networkmerchants.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.woodpeck.com *.googleapis.com translate.google.com cdn.materialdesignicons.com secure.windriverfinancialgateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.networkmerchants.com *.algolia.net *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.woodpeck.com *.hotjar.com *.hotjar.io secure.windriverfinancialgateway.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://woodpeck.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
frame-ancestors 'self' https://app.contentful.com; worker-src blob:; default-src 'self' gap: ws: 'unsafe-inline' 'unsafe-eval' data: api.country.is vercel.live vercel.app *.vercel.live *.vercel.app safevisit.online contentful.com *.contentful.com *.googleapis.com *.youtube.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.facebook.com *.amazonaws.com *.cloudfront.net *.googletagservices.com pay.google.com *.s3.amazonaws.com google.com *.sitkagear.com js.narvar.com cdn.searchspring.net js.klarna.com manifest.webmanifest cdn.tailwindcss.com cdn.cookielaw.org api.yotpo.com cdn-widgetsrepository.yotpo.com *.yotpo.com *.searchspring.io *.bigcommerce.com *.locally.com *.ctfassets.net *.onetrust.com *.criteo.com *.avmws.com *.safevisit.online *.gtm-msr.appspot *.dynamic.criteo.com *.facebook.net *.klaviyo.com *.zdassets.com *.browser-intake-datadoghq *.vercel-insights.com *.csper.io klarnaservices.com *.klarnaservices.com *.datadoghq-browser-agent.com datadoghq-browser-agent.com *.browser-intake-datadoghq.com browser-intake-datadoghq.com *.gstatic.com *.bing.com *.typekit.net *.doubleclick.ne *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.aralego.com criteo-sync.teads.tv *.3lift.com *.yahoo.net *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.outbrain.com *.pubmatic.com *.smaato.net *.clmbtech.com *.yieldmo.com *.klarnacdn.net vercel.com assets.vercel.com googleads.g.doubleclick.net *.dotomi.com he.lijit.com envoydev.co track.securedvisit.com bh.contextweb.com stats.g.doubleclick.net public-prod-dspcookiematching.dmxleo.com match.adsrvr.org *.zendesk.com *.zopim.com widget-mediator.zopim.com trends.revcontent.com match.sharethrough.com tapestry.tapad.com criteo-partners.tremorhub.com ad.tpmn.co.kr e1.emxdgt.com cm.g.doubleclick.net partner.mediawallahscript.com visitor.omnitagjs.com i.liadm.com exchange.mediavine.com 1f2e7.v.fwmrm.net tags.bluekai.com dpm.demdex.net ws-us3.pusher.co eu.klarnaevt.com sockjs-us3.pusher.com ws-us3.pusher.com aa.agkn.com jadserve.postrelease.com ad.tpmn.io match.prod.bidr.io i6.liadm.com sync.crwdcntrl.net *.sv.rkdms.com *.simpli.fi *.dlx.addthis.com ws.rqtrk.eu *.youtube-nocookie.com *.klarnaevt.com *.cloudflare.com *.datadome.co *.hotjar.com *.hotjar.io *.narvar.com aorta.clickagy.com *.abtasty.com *.narvar.qa *.gorewear.com *.dev.sitka.stage-codal.net *.sitka.stage-codal.net *.stage-codal.net www.sandbox.paypal.com cdn.sand.us.zip.co *.stagesitkagear.com localhost:* 1
report-uri https://www.concord.app/wp-json/reporting-api/v1/reporting; report-to default 1
script-src 'self' 'inline' https://snap.licdn.com https://ws.zoominfo.comhttps://script.hotjar.com https://assets.calendly.com https://embed.tawk.to https://my.hellobar.com https://www.clarity.ms https://embed.tawk.to https://www.gstatic.com https://cookie-cdn.cookiepro.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://tpc.googlesyndication.com https://kit.fontawesome.com https://www.google.com; object-src 'self'; img-src 'self' data: https://px.ads.linkedin.com https://www.google.co.uk https://c.clarity.ms https://www.google-analytics.com https://ee9500fb4b5b4b4fa9f7a5505b017d53.svc.dynamics.com https://tpc.googlesyndication.com https://cookie-cdn.cookiepro.com; frame-src 'self' https://172.25.16.184 https://www.youtube.com https://tpc.googlesyndication.com https://www.google.com https://calendly.com; frame-ancestors 'self'; font-src 'self' https://embed.tawk.to https://tpc.googlesyndication.com https://www.google.com https://ka-p.fontawesome.com; report-uri /report-csp-violation 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-c39064bced3a49dca0ada8002a1d876d' https://www.viewmychart.com 'self';img-src https://* 'self' blob: data:;style-src https://www.viewmychart.com 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: *.vimeocdn.com fonts.googleapis.com; img-src 'self' data: secure.gravatar.com www.gravatar.com www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com; connect-src 'self' *.vimeo.com www.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' data: *.vimeo.com *.vimeocdn.com; child-src 'self' data: *.vimeo.com *.vimeocdn.com; 1
'img-src' 'blob' 'default-src' 'self' 'unsafe-inline' 'unsafe-eval' 'blob' blob: http://blog-cms.weddingz.in https://stats.g.doubleclick.net https://securesentry.oyorooms.io https://code.getmdl.io https://assets.pinterest.com https://graph.facebook.com *.s3.amazonaws.com https://api.instagram.com https://api.pinterest.com https://connect.facebook.net *.cloudfront.net https://ds-aksb-a.akamaihd.net *.googleapis.com *.gstatic.com *.criteo.com *.criteo.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://m.weddingz.in https://media.weddingz.in https://js-agent.newrelic.com https://assets.oyoroomscdn.com https://maxcdn.bootstrapcdn.com https://weddingz.in https://www.youtube.com https://tagmanager.google.com *.instagram.com https://instagram *.tile.openstreetmap.org; report-uri /private_apis/content-security-violation/ 1
default-src 'self'; worker-src 'none'; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' client.crisp.chat static.cloudflareinsights.com app.termly.io js.stripe.com www.googletagmanager.com ajax.cloudflare.com googleads.g.doubleclick.net https://accounts.google.com/gsi/client https://www.google.com/recaptcha/api.js https://www.java.com/js/deployJava.js; style-src 'report-sample' 'self' 'unsafe-inline' accounts.google.com client.crisp.chat fonts.googleapis.com; connect-src 'self' sentry.fornex.dev www.google.com *.analytics.google.com accounts.google.com analytics.google.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net app.termly.io wss://client.relay.crisp.chat; frame-src js.stripe.com td.doubleclick.net; font-src 'self' data: client.crisp.chat fonts.gstatic.com; img-src 'self' https: blob: data:; report-uri https://sentry.fornex.dev/api/5/security/?sentry_key=ae802e2a7684ca9e3cbd39fe3a9e309c&sentry_environment=csp 1
report-uri https://cchome.adobe.io/csp/v1/collect?api_key=CCHomeWeb1; connect-src 'self' * data: *.onetrust.com blob: data:; img-src * data: blob: about:; frame-src *; media-src *; default-src https: blob:; style-src 'self' * data: 'unsafe-inline' 'unsafe-eval' *.adobeccstatic.com *.adobe.com *.clicktale.com about: blob:; script-src 'self' * data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.adobelogin.com *.adobeprojectm.com *.newrelic.com *.nr-data.net *.adobeccstatic.com *.typekit.com *.adobe.com adobe.com *.uservoice.com *.typekit.net *.evidon.com *.demandbase.com *.ccmui.adobe.com *.clicktale.net *.clicktale.com *.everestjs.net *.everesttech.net tags.srv.stackadapt.com *.onetrust.com *.cookielaw.org *.vimeo.com *.youtube.com *.ytimg.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js *.bing.com *.ads-twitter.com *.twitter.com  *.facebook.net *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tiktok.com about: blob:; font-src data: *.typekit.net *; frame-ancestors 'self' file://* *.instructure.com *.blackboard.com *.adobe.com zeonchatclient-va6.cloud.adobe.io 1
font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.stackpathcdn.com docker.intra.macron.com:* login.macron.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.facebook.com https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.google.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com www.youtube.com docker.intra.macron.com:* login.macron.com *.criteo.com *.facebook.com *.hotjar.io *.hotjar.com https://store.plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.adyen.com data: maps.googleapis.com maps.gstatic.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com www.google.it www.google.com www.facebook.com *.stackpathcdn.com i.ytimg.com *.amasty.com placehold.it *.cdninstagram.com docker.intra.macron.com:* login.macron.com *.yandex.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.google.com www.gstatic.com chimpstatic.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.google-analytics.com *.googletagmanager.com *.newrelic.com *.nr-data.net connect.facebook.net *.doubleclick.net *.stackpathcdn.com player.vimeo.com docker.intra.macron.com:* login.macron.com mc.yandex.ru *.criteo.net *.criteo.com *.hotjar.io *.hotjar.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.stackpathcdn.com docker.intra.macron.com:* login.macron.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.doubleclick.net www.google-analytics.com *.nr-data.net *.stackpathcdn.com *.instagram.com docker.intra.macron.com:* login.macron.com mc.yandex.ru vimeo.com *.facebook.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; img-src https:; frame-src 'none' 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com * *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com secure-gateway.hipay-tpp.com *.hipay.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com *.salecycle.com *.criteo.com *.hotjar.com *.facebook.net track.effiliation.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.retif.eu *.hsforms.net *.hsforms.com * *.googleapis.com *.ggpht.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com jquery.sellxed.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com https://cdnjs.cloudflare.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.nr-data.net *.newrelic.com *.iadvize.com *.cookielaw.org *.bing.com *.pinimg.com *.hotjar.com *.salecycle.com *.facebook.net *.licdn.com *.criteo.com track.effiliation.com *.hsforms.net *.hsforms.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.hipay.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com * *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.hipay.com wss://mpsnare.iesnare.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.nr-data.net *.facebook.net *.criteo.com track.effiliation.com t.elasticsuite.io *.hsforms.net *.hsforms.com * *.google.com *.gstatic.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-eb96023c45b64831a7450e0e9e40d44e' https://www.mylghealth.org/mychart 'self';img-src https://* 'self' blob: data:;style-src https://www.mylghealth.org/mychart 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
font-src *.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typekit.net *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ws: *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.payline.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ *.payline.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com *.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.doofinder.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com *.payline.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.doofinder.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.payline.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com *.google.com/ s7.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com *.payline.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.payline.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bannerflow.net *.lampenwelt.de *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://cdn.consentmanager.net https://delivery.consentmanager.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com challenges.cloudflare.com https://www.recaptcha.net/recaptcha/ *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.adyen.com *.brsrvr.com *.bloomreach.cloud https://cdn.consentmanager.net https://delivery.consentmanager.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu lw-cdn.com *.adingo.jp *.adnxs.com *.aralego.com *.bing.com *.bidswitch.net *.bluekai.com *.casalemedia.com *.clmbtech.com *.contentsquare.net *.consentmanager.net *.criteo.com *.dable.io *.doubleclick.net *.google.com *.googleapis.com *.lampenwelt.de *.linkedin.com *.media.net *.outbrain.com *.pubmatic.com *.rlcdn.com *.roeyecdn.com *.rubiconproject.com *.smaato.net *.smartadserver.com *.socdm.com *.stickyadstv.com *.taboola.com *.teads.tv *.unrulymedia.com *.yahoo.com *.yieldmo.com *.1rx.io *.3lift.com *.360yield.com *.mycliplister.com https://mycliplister.com *.storyblok.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com collector.sst.luminaire.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.brcdn.com https://cdn.consentmanager.net https://delivery.consentmanager.net secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io challenges.cloudflare.com https://www.recaptcha.net/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.aticdn.net *.bing.com *.criteo.com *.contentsquare.net https://delivery *.doubleclick.net *.dwin1.com *.facebook.net *.hello-charles.com *.kk-resources.com *.lampenwelt.de *.licdn.com *.pinimg.com *.pinterest.com *.roeyecdn.com *.salesforceliveagent.com *.scarabresearch.com *.force.com *.tiktok.com https://mycliplister.com *.kameleoon.eu https://js-agent.newrelic.com *.storyblok.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.trustpilot.com collector.sst.luminaire.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com d.ratepay.com d.payla.io dr.payla.io *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.force.com *.storyblok.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://mycliplister.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.dxpapi.com https://cdn.consentmanager.net https://delivery.consentmanager.net payments.amazon.de d.ratepay.com jsctool.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.contentsquare.net *.criteo.com *.doubleclick.net *.googleadservices.com *.hello-charles.com *.lampenwelt.de *.linkedin.com *.pa-cd.com *.pinterest.com *.tiktok.com *.wepowerconnections.com *.xiti.com https://mycliplister.com *.kameleoon.io https://bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.trustpilot.com collector.sst.luminaire.fr 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-collector.magento.lampenwelt.tech; report-to report-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: visitnj.org www.google.ca platform-api.sharethis.com region1.analytics.google.com www.google.ie exchange-match.mediaplex.com cms.analytics.yahoo.com pixel-geo.prfct.co api.intentiq.com adservice.google.com www.storygize.net cdn.matomo.cloud *.smartadserver.com tsdtocl.com bcp.crwdcntrl.net *.rubiconproject.com in.getclicky.com starling.crowdriff.com rules.quantcount.com ws.sharethis.com www.google-analytics.com www.google.co.uk static.getclicky.com *.gstatic.com t.sharethis.com ads.stickyadstv.com bh.contextweb.com sync.bfmio.com *.openx.net raw.githack.com idsync.rlcdn.com *.doubleclick.net sync.sharethis.com prreqcroab.icu l.sharethis.com *.facebook.net bam.nr-data.net idsync.live.streamtheworld.com jadserve.postrelease.com arttrk.com js-agent.newrelic.com us-east.ads.audio.thisisdax.com cas.cluep.com contextual.media.net eb2.3lift.com data.stbuttons.click c.ltmsphrcl.net cs.openwebmp.com *.vimeo.com analytics.google.com s.ntv.io *.adsafeprotected.com *.facebook.com jelly.mdhv.io *.bluekai.com secure.quantserve.com us.ck-ie.com pixel.streetmetrics.io *.taboola.com *.pubmatic.com sync.1rx.io sync.intentiq.com www.google.com pixel.quantserve.com partners.tremorhub.com *.googleapis.com *.pinimg.com serve.uberads.com *.cloudfront.net *.dotomi.com maxcdn.bootstrapcdn.com i.liadm.com px.adentifi.com *.adnxs.com *.tvsquared.com ups.analytics.yahoo.com translate.google.com *.lijit.com *.adsrvr.org postrelease.com jelly-v6.mdhv.io visitnj.matomo.cloud crb.kargo.com ps.eyeota.net tag.perfectaudience.com *.admanmedia.com koi-3qnmjgpx0o.marketingautomation.services *.outbrain.com *.casalemedia.com *.pinterest.com www.googletagmanager.com match.sharethrough.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.sagepay.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.sagepay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.klevu.com *.ksearchnet.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.sagepay.com js.klevu.com *.ksearchnet.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sagepay.com *.klevu.com *.ksearchnet.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.sagepay.com *.klevu.com *.ksearchnet.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com https://cdn.livechatinc.com https://secure.livechatinc.com https://fonts.google.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com https://secure.livechatinc.com https://widget.trustpilot.com https://consentcdn.cookiebot.com https://www.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.feedoptimise.com cdn.feedoptimise.com *.amazonaws.com maps.gstatic.com https://cdn.livechatinc.com https://secure.livechatinc.com https://cdn.livechat-static.com https://cdn.livechat-files.com/ https://bat.bing.com https://www.google.co.uk https://s.ytimg.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jquery.sellxed.com widget.freshworks.com m2epro.freshdesk.com www.feedoptimise.com cdn.feedoptimise.com maps.googleapis.com https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://cdn.livechat-static.com https://widget.trustpilot.com https://bat.bing.com https://script.thisisbeacon.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://js-agent.newrelic.com https://bam.nr-data.net connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.livechatinc.com https://secure.livechatinc.com https://cdn.livechat-static.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com ws.postcoder.com https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://youtube.com https://google.com https://fonts.google.com https://v5api.thisisbeacon.com https://consentcdn.cookiebot.com https://bam.nr-data.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://youtube.com https://google.com https://fonts.google.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www0mansion0review0jp.report-uri.com/r/d/csp/reportOnly; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com dhv2ziothpgrr.cloudfront.net *.klarnacdn.net *.klevu.com *.ksearchnet.com *.yotpo.com x.klarnacdn.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.nosto.com *.nos.to *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.flashtalking.com *.klarna.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.paypalobjects.com *.usehero.com *.braintreegateway.com *.cookiebot.com *.hotjar.com *.kaptcha.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.pmtonline.co.uk *.clarity.ms *.cloudfront.net dhv2ziothpgrr.cloudfront.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.webtrekk.net *.wt-eu02.net https://fbc.wcfbc.net https://*.flx1.com/ https://dmp.adform.net/ *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.trustpilot.com *.amazonaws.com *.finance-calculator.co.uk *.google.co.uk *.usehero.com *.bing.com *.postcodeanywhere.co.uk *.yotpo.com blob: x.klarnacdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.cloudfront.net *.tradedoubler.com *.email.pmtonline.co.uk *.mateti.net *.newrelic.com *.nr-data.net *.zdassets.com widget.freshworks.com m2epro.freshdesk.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://angus.finance-calculator.co.uk *.klarna.com *.klarnaservices.com js.klevu.com *.ksearchnet.com https://responder.wt-safetag.com https://*.flx1.com/ https://www.googletagmanager.com https://*.gstatic.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.klevu.com *.finance-calculator.co.uk *.usehero.com *.postcodeanywhere.co.uk *.pcapredict.com *.cardinalcommerce.com *.hotjar.com *.cookiebot.com *.bing.com https://analytics.tiktok.com *.zuko.io *.yotpo.com *.clarity.ms x.klarnacdn.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com dhv2ziothpgrr.cloudfront.net *.klarnacdn.net *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.trustpilot.com *.finance-calculator.co.uk *.usehero.com *.postcodeanywhere.co.uk *.yotpo.com x.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.usehero.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cloudfront.net *.dycdn.net *.freshrelevance.com wss://*.freshrelevance.com *.mateti.net *.pmtonline.co.uk *.zdassets.com *.zendesk.com *.nr-data.net *.bing.com tbs.pvnsolutions.com widget.freshworks.com m2epro.freshdesk.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://angus.finance-calculator.co.uk *.klarnaevt.com *.klarnaservices.com *.klevu.com *.ksearchnet.com https://*.flx1.com/ https://*.gstatic.com https://jamie.g.shortest-route.com https://*.googleapis.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.trustpilot.com *.finance-calculator.co.uk *.braintreegateway.com *.usehero.com *.postcodeanywhere.co.uk *.doubleclick.net *.zuko.io https://analytics.tiktok.com *.hotjar.io *.hotjar.com *.yotpo.com *.cookiebot.com *.clarity.ms *.sentry.io x.klarnacdn.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: *.hotjar.com *.hotjar.io *.googleusercontent.com *.appdynamics.com *.tiktok.com *.cloud.google.com *.fontawesome.com https://lc.golfbreaks.com https://alpha-lc.golfbreaks.com *.contentsquare.net *.cloudflarestream.com *.gstatic.com *.jsdelivr.net https://www.clarity.ms https://c.bing.com https://*.clarity.ms; img-src 'self' data: https: *.googletagmanager.com https://*.fullstory.com *.sleeknote.com *.cloudflarestream.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://flagcdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' optimize.google.com http://*.webtrends-optimize.com https://*.webtrends-optimize.com fonts.googleapis.com *.golfbreaks.com *.sleeknote.com *.feefo.com *.fontawesome.com *.jsdelivr.net; script-src 'self' 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.webtrends-optimize.workers.dev https://lc.golfbreaks.com https://alpha-lc.golfbreaks.com https://api.feefo.com http://register.feefo.com wss://lc.golfbreaks.com wss://alpha-lc.golfbreaks.com optimize.google.com plausible.golfbreaks.com *.appdynamics.com *.tiktok.com *.pw.adn.cloud *.tealiumiq.com plausible.io *.trustpilot.com *.fontawesome.com *.sleeknote.com *.contentsquare.net *.newrelic.com *.contentstack.com https://*.fullstory.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.googleapis.com *.videodelivery.net *.googleadservices.com *.quantummetric.com *.analytics.yahoo.com *.googletagmanager.com *.salesforceliveagent.com *.facebook.net *.jsdelivr.net *.bing.com http://*.hotjar.com https://*.hotjar.com http://*.webtrends-optimize.com https://*.webtrends-optimize.com http://*.hotjar.io https://*.hotjar.io *.tiqcdn.com https://visitor-service-eu-central-1.tealiumiq.com *.yimg.com *.golfbreaks.com bam.eu01.nr-data.net google.com https://cdnjs.cloudflare.com https://c.bing.com https://*.clarity.ms https://cdn.heapanalytics.com *.auryc.com https://mixpanel.com https://cdn.mxpnl.com https://unpkg.com/date-time-format-timezone@latest/build/browserified/date-time-format-timezone-complete-min.js https://cdnjs.cloudflare.com/ajax/libs/socket.io/3.0.4/socket.io.min.js; connect-src 'self' *.feefo.com *.bing.com *.pw.adn.cloud plausible.golfbreaks.com https://region1.analytics.google.com https://www.google.com/pagead/landing https://www.google.com/pagead/landing* *.eum-appdynamics.com *.cloudflarestream.com *.tiktok.com https://lc.golfbreaks.com https://alpha-lc.golfbreaks.com wss://lc.golfbreaks.com wss://alpha-lc.golfbreaks.com *.cloudflare.com data: cloudflare.com plausible.io *.tealiumiq.com https://collect.golfbreaks.com https://*.fullstory.com *.quantummetric.com https://google.com/pagead/form-data/1063337128 https://google.com/ccm/form-data/1063337128 https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css https://fonts.googleapis.com/css https://fonts.googleapis.com/css* http://*.webtrends-optimize.com https://*.webtrends-optimize.com *.sleeknote.com *.google-analytics.com *.googleusercontent.com *.salesforceliveagent.com images.contentstack.io *.contentsquare.net *.yimg.com *.facebook.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/* http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.fontawesome.com *.doubleclick.net accounts.google.com sentry.io videodelivery.net bam.eu01.nr-data.net https://*.clarity.ms *.auryc.com https://cdnjs.cloudflare.com/ajax/libs/socket.io/3.0.4/socket.io.min.js; font-src 'self' data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.fontawesome.com *.jsdelivr.net *.gstatic.com; frame-src 'self' *.doubleclick.net *.autoeurope.com *.trustpilot.com *.doubleclick.net *.cloudflarestream.com *.wufoo.com *.sleeknote.com optimize.google.com *.videodelivery.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.facebook.com *.tealiumiq.com *.centinelapistag.cardinalcommerce.com https://cdnjs.cloudflare.com/ajax/libs/socket.io/3.0.4/socket.io.min.js; child-src 'self' blob: *; media-src 'self' blob: *.google.com https://storage.googleapis.com/golfbreaks_public/ videodelivery.net *.googleusercontent.com *.cloudflarestream.com; form-action 'self' golfbreaks.secure.force.com *.facebook.com *.tealiumiq.com *.cs110.force.com *.salesforceliveagent.com; frame-ancestors 'self'; object-src 'self'; report-uri https://o246236.ingest.sentry.io/api/1470514/security/?sentry_key=aaa779434b65427fa3608b8938255828 1
connect-src 'self' data: *.fontawesome.com *.google-analytics.com *.doubleclick.net *.google.com googletagmanager.com *.acsbapp.com wss://webmessaging.usw2.pure.cloud *.pure.cloud *.userway.org *.alive5.com alive5.com;default-src 'self' data: d13qcyivyon4xf.cloudfront.net *.recollect.net www2.elpasotexas.gov *.piktochart.com elpasotx.citysourced.com alive5.com *.pure.cloud td.doubleclick.net *.userway.org *.powerbigov.us;font-src 'self' data: *.gstatic.com *.fontawesome.com *.jsdelivr.net *.typekit.net *.fastly.net acsbapp.com *.userway.org;img-src 'self' data: *.google.com *.googleapis.com *.google-analytics.com *.jsdelivr.net *.fastly.net *.recollect.net *.piktochart.com *.userway.org *.alive5.com;script-src 'self' 'nonce-d79dfeaad622030c' *.fontawesome.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.jquery.com 'sha256-EFV8pmp/wh+U6PZamj4KQ0q8X4ZQK18tF7skjashMC0=' 'sha256-d470bixwKmL9bRvqX+/YcGn63ywAfKoybYPkM5Uytpg=' 'sha256-CWheM/qrotfHL9rkBHCUQoQJ26R59qBT9Y6zmdWMo4I=' *.cloudflare.com *.jsdelivr.net *.recollect.net 'sha256-GZcyqV0YX2St+S/OQczTu1wNNg/O+RTwzw2JTTta3P0=' googletagmanager.com acsbapp.com *.pure.cloud *.acsbapp.com 'sha256-EhQpu6NNucte8YbnJ4xqNQ3ZEr6lZr9OylXRM08U23w=' 'sha256-6LGMzcnzg+kSHN9kCfnGBfyFkTD5ralHy4kgX9bEKac=' *.userway.org alive5.com 'sha256-Ktbr5+uWaq/tdIzd+uSnzMynWRb8C1GgwNmidruZnl4=' *.elpasotexas.gov 'sha256-N/ojzpn0NH2iToAWgtz7/qj3VTBrzGc5Kq/wcHmeC9g=' 'sha256-32mhgs7qr26DY71TSkr2GH6b4cN1O1vqJZeD8VqK09E=';style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com *.google.com *.jsdelivr.net *.typekit.net *.fastly.net alive5.com *.userway.org; 1
default-src 'self' *.google-analytics.com *.jsdelivr.net *.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self'  *.googletagmanager.com *.google-analytics.com *.jsdelivr.net https://www.googletagmanager.com/ns.html *.cookielaw.org *.fontawesome.com *.licdn.com *.ads-twitter.com *.facebook.net https://www.google.com/recaptcha/api.js; style-src 'unsafe-inline' 'self' *.jsdelivr.net; img-src 'self' *.google-analytics.com *.facebook.com *.linkedin.com *.blob.core.windows.net *.azureedge.net *.cookielaw.org *.google.com *.google.co.in analytics.twitter.com t.co px.ads.linkedin.com px.ads.linkedin.com.x cdn.incyte.com data: *.googletagmanager.com *.opendns.com *.media-cache.woxo.tech; media-src 'self' *.google-analytics.com *.blob.core.windows.net *.azureedge.net; frame-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com *.facebook.com *.facebook.net; frame-ancestors 'self'; child-src *.youtube.com  *.google.com *.googletagmanager.com incyte.hrmdirect.com; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src *; report-uri /report-csp-violation 1
font-src *.typekit.net https://cdnjs.cloudflare.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googletagmanager.com *.hotjar.com *.botnation.ai *.avis-verifies.com www.zenaps.com www.facebook.com *.myspectro.io *.kxcdn.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de axeptio.imgix.net *.bing.com *.google.com *.avis-verifies.com *.netreviews.eu https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org lacompagniedesanimauxfr.twgdns.com *.clarity.ms bat.bing.com www.facebook.com *.gstatic.com https://maps.googleapis.com https://maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.axept.io *.shipup.co *.bing.com *.facebook.net *.doubleclick.net *.hotjar.com *.dwin1.com *.twenga.fr *.newrelic.com *.avis-verifies.com *.nr-data.net https://cdnjs.cloudflare.com *.plugins.emarsys.net *.scarabresearch.com *.botnation.ai www.remisesetprivileges.fr www.zenaps.com the.sciencebehindecommerce.com *.clarity.ms connect.facebook.net assets.emarsys.net https://www.googletagmanager.com tagmanager.google.com *.myspectro.io *.kxcdn.com s.kk-resources.com *.avada.io https://maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.typekit.net *.jsdelivr.net https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.botnation.ai tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.axept.io client.axept.io *.google-analytics.com *.doubleclick.net *.scarabresearch.com *.eservice.emarsys.net https://nominatim.openstreetmap.org *.botnation.ai www.remisesetprivileges.fr the.sciencebehindecommerce.com *.clarity.ms bam.nr-data.net *.fact-finder.de *.fact-finder.com *.fact-finder.co.uk *.fact-finder.fr *.fact-finder.pl *.fact-finder.it *.fact-finder.at *.fact-finder.ch *.fact-finder.cloud *.myspectro.io *.kxcdn.com s.kelkoogroup.net *.hotjar.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://report-to-api.raygun.com/reports-csp?apikey=31PE6DHAsPk4VhW/clCf1Q==; report-to raygun; frame-ancestors 'self' *.salesforce.com *.dynamics.com *.force.com *.visualforce.com *; base-uri 'self'; worker-src blob:; object-src 'none'; script-src 'self' 'report-sample' fonts.googleapis.com de0ytjjvbrlb1.cloudfront.net cdn.raygun.io cdn.pendo.io www.google-analytics.com ajax.googleapis.com hetrix-status.truelogic.workers.dev js.stripe.com www.google.com www.googletagmanager.com maps.googleapis.com c.contentsvr.com www.gstatic.com cdn.jsdelivr.net capi.emailonacid.com api.cloudsponge.com svc.webspellchecker.net api.iconify.design 'unsafe-hashes' 'sha256-UITiqbXyaWS7NpwiFrMIbdXAZy5EXLRUHkpylF4504k=' 'sha256-TGzwaG44DlClIQ5bQ6i9XVOBLHstxgsoSOUfcVR6P6U=' 'sha256-c1xYKj4sj2ziTAHW03COkE66dwsuzKkKmD9rJPogoYg=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'unsafe-inline' 'nonce-QjgauFkEjPAiA25VopBYQArYsRM=' 1
default-src 'self'; script-src 'nonce-7nYq+DwAOwYuyXsUJSeVGQ==' 'nonce-fyvffdaxlufja6l83kjrdq==' 'report-sample' 'self' 'strict-dynamic' https://js.hubspot.com/web-interactives-embed.js https://www.googletagmanager.com/gtm.js; style-src 'nonce-MeOG/FwviPIGwQ5ML0hETQ==' 'report-sample' 'self'; https://cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' https:; manifest-src 'self'; media-src 'none'; report-uri https://666e81840dfa2ed26f486533.endpoint.csper.io/?v=1; form-action 'none'; worker-src 'none'; 1
default-src 'self'; frame-src *.recaptcha.net platform.twitter.com *.youtube.com youtube.com; script-src 'sha256-aa3zqmSclzP4+Q8BY2jE5eMh7255xm4fHK4vW3A0m/g=' 'self' 'self' *.procreate.art *.procreate.com *.sentry.io *.gstatic.com *.recaptcha.net *.youtube.com/embed platform.twitter.com https://www.gstatic.cn/recaptcha cdn.usefathom.com *.mux.com; worker-src 'self' blob:; img-src 'self' 'unsafe-inline' blob: data: *.procreate.art *.procreate.com *.savage.si *.ytimg.com cdn.usefathom.com *.mux.com; connect-src 'self' blob: *.procreate.art *.procreate.com *.sentry.io *.savage.si savage-support-request-files.s3-accelerate.amazonaws.com *.mux.com https://inferred.litix.io/; media-src 'self' blob: *.procreate.art *.procreate.com *.savage.si *.mux.com; style-src 'unsafe-inline' *.procreate.art *.procreate.com https://fonts.googleapis.com; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; object-src 'none'; font-src 'self' https://fonts.gstatic.com 1
frame-ancestors 'self' https://*.solidpixels.net https://*.solidpixels.com https://*.solidpixels.cz; form-action 'self'; report-uri https://o428203.ingest.sentry.io/api/4505516549210112/security/?sentry_key=6eb445158e4a410c830e7e424f2d7b56 1
object-src 'none';base-uri 'self';script-src 'nonce-N8aT5JS3eBq6yDFIvYfDEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; frame-src https:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report.php 1
font-src *.cloudflare.com data: 'self' 'unsafe-inline'; form-action test.saferpay.com www.saferpay.com saferpay.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.prismic.io *.google.com *.criteo.com *.criteo.net *.doubleclick.net *.pinterest.com *.facebook.com *.livechatinc.com *.sovendus-connect.com *.weltpixel.com www.xtento.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://images.unsplash.com *.bing.com *.google.ch *.trackjs.com *.google.com *.twiago.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.adform.net *.omnitagjs.com *.lehner-versand.ch *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.demdex.net *.livechat-files.com *.dmxleo.com *.profity.ch *.googleapis.com *.prismic.io *.1rx.io www.xtento.com cdn.xtento.com test.saferpay.com www.saferpay.com saferpay.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js track.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/rti.min.js track.bx-cloud.com/static/rti.min.js storage.googleapis.com/rtux-rtux-data-integration-rti/ *.trackjs.com *.gstatic.com *.livechatinc.com *.cdn.prismic.io *.google.com *.criteo.com *.pinimg.com *.bing.com *.adt313.net htm1.ch *.pinterest.com profity.ch *.profity.ch/clients/main.js *.getback.ch *.sovendus.com *.sovendus-connect.com *.googleapis.com www.xtento.com cdn.xtento.com test.saferpay.com www.saferpay.com saferpay.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.getback.ch *.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com track.bx-cloud.com main.bx-cloud.com main.wi-platform-cloud.com r-st.bx-cloud.com track.bx-cloud.com/track/v2 storage.googleapis.com/rtux-rtux-data-integration-rti/ htm1.ch *.pinterest.com *.lehner-versand.ch *.criteo.com *.google.com *.getback.ch *.doubleclick.net *.wi-platform-cloud.com *.trackjs.com *.livechatinc.com *.sovendus.com *.googleapis.com test.saferpay.com www.saferpay.com saferpay.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.santamonica.gov *.arcgis.com *.googleapis.com ka-f.fontawesome.com *.gstatic.com cdn.jsdelivr.net www.google.com www.google-analytics.com kit.fontawesome.com unpkg.com cityofsantamonica.getbynder.com www.googletagmanager.com *.azure.com translate.google.com code.jquery.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
upgrade-insecure-requests; default-src 'self' https://*.planer.io https://planer.io; script-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' ; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://*.planer.io https://planer.io; img-src 'self' https: data:; manifest-src 'self' https://login.planer.io; object-src 'none'; frame-ancestors 'self'; report-uri https://frontend-logs.planer.io/v1/frontend-logs/central-login-page; report-to frontend-errors 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri /api/csp 1
default-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; media-src 'self' data: https://videos.ctfassets.net/; worker-src 'self' blob:; child-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com/; manifest-src 'self'; img-src 'self' data: https://www.google.com/ https://fonts.gstatic.com/ https://www.google.co.in/ https://www.google.co.nz/ https://*.analytics.google.com/ https://*.paypal.com/ https://www.paypalobjects.com/ https://c5.adalyser.com/ https://cm.everesttech.net/ https://*.google-analytics.com/ https://infos.belong.com.au/ https://www.googletagmanager.com/ https://accounts.google.com/ https://www.google.com/ https://www.google.com.au/ https://sp.analytics.yahoo.com/ https://*.taboola.com/ https://images.ctfassets.net/ https://www.facebook.com/ https://*.cloudfunctions.net/ https://dpm.demdex.net/ android-webview-video-poster:; frame-src 'self' https://insight.adsrvr.org/ https://match.adsrvr.org/ https://tsdtocl.com/ https://*.fls.doubleclick.net/ https://*.hotjar.com/ https://lpcdn.lpsnmedia.net/ https://ssl.kaptcha.com/ https://*.paypal.com/ https://www.paypalobjects.com/ belong://* https://telstra.demdex.net/ https://teamtelstra.demdex.net/ https://mobilemaps.net.au/ https://a18283983956.cdn.optimizely.com/ https://tst.kaptcha.com/ https://www.youtube.com/ https://assets.braintreegateway.com/ https://*.telstra.com.au/; frame-ancestors 'self' https://*.belong-services.com.au https://app.optimizely.com/; object-src 'self'; report-uri https://belong.report-uri.com/r/t/csp/reportOnly; report-to default 1
default-src 'self' gocloudwaveopsus.okta.com myopsus.opsuscloud.com *.oktacdn.com; connect-src 'self' gocloudwaveopsus.okta.com gocloudwaveopsus-admin.okta.com myopsus.opsuscloud.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com gocloudwaveopsus.kerberos.okta.com gocloudwaveopsus.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' gocloudwaveopsus.okta.com myopsus.opsuscloud.com *.oktacdn.com; style-src 'unsafe-inline' 'self' gocloudwaveopsus.okta.com myopsus.opsuscloud.com *.oktacdn.com; frame-src 'self' gocloudwaveopsus.okta.com gocloudwaveopsus-admin.okta.com myopsus.opsuscloud.com login.okta.com *.vidyard.com; img-src 'self' gocloudwaveopsus.okta.com myopsus.opsuscloud.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' gocloudwaveopsus.okta.com myopsus.opsuscloud.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarnacdn.net *.fontawesome.com *.alothemes.com *.magepow.com 'unsafe-inline' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.nosto.com *.nos.to *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.hsforms.net *.hsforms.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.fetchify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com account.fetchify.com *.klarna.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.kaptcha.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.alothemes.com *.magepow.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.co.uk *.windows.net *.hsforms.net *.hsforms.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cardinalcommerce.com secure.authorize.net test.authorize.net *.braintreegateway.com *.klevu.com *.ksearchnet.com *.yotpo.com *.hsforms.net *.hsforms.com *.googleapis.com *.webgains.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cc-cdn.com *.klarnacdn.net *.fontawesome.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to assets.braintreegateway.com *.typekit.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.hsforms.net *.hsforms.com *.webgains.io *.hub-box.com *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: match.sharethrough.com ad.360yield.com visitor.omnitagjs.com *.clarity.ms *.pubmatic.com *.criteo.com ssl.google-analytics.com storerocket.io vc.hotjar.io www2.discoverflow.co trends.revcontent.com *.outbrain.com *.smartadserver.com www.google.tt resources.digital-cloud-west.medallia.com ade.clmbtech.com *.googleadservices.com cdn.storerocket.io *.facebook.net webchannel-content.eservice.emarsys.net kip.katalon.com discoverflow.co api.mapbox.com lla-cms-prod.directus.app sync-criteo.ads.yieldmo.com *.hotjar.com statin.lat *.casalemedia.com eb2.3lift.com www.google-analytics.com nebula-cdn.kampyle.com *.gstatic.com *.twitter.com exchange.mediavine.com ads.stickyadstv.com i.liadm.com criteo-sync.teads.tv *.criteo.net events.mapbox.com google.com contextual.media.net e1.emxdgt.com udc-neb.kampyle.com na-data.kameleoon.io *.ads-twitter.com s.ad.smaato.net www.google.com adservice.google.com embed.binkies3d.com www.google.com.ag static.scarabresearch.com region1.analytics.google.com recommender.scarabresearch.com *.taboola.com www.google.com.jm *.quantummetric.com c.bing.com analytics.discoverflow.co openspeedtest.com static.katalon.com *.adnxs.com t.co criteo-partners.tremorhub.com *.doubleclick.net cro.movil.pa bat.bing.com analytics.google.com cdn.jsdelivr.net *.facebook.com sync.aralego.com *.bidswitch.net sync.1rx.io www.googletagmanager.com www.google.dm www.googleoptimize.com *.rubiconproject.com jadserve.postrelease.com cdn.scarabresearch.com *.kameleoon.eu cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
report-uri https://mon.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&revision=3596f720-5608-459f-b89b-19f3caa901de&scene=1;report-to csp-endpoint;default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: mediastream: *.adsintegrity.net *.bitssec.com *.bytedapm.com *.byteintl.com *.byteintl.net *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.cdn-apple.com *.doubleclick.net *.facebook.com *.facebook.net *.goofy-cdn.com *.google-analytics.com *.google.ca *.googleapis.com *.googletagmanager.com *.gstatic.com *.ibytedtos.com *.ibyteimg.com *.pipopay.com *.pipopayment.com *.pipopayment.us *.resso.me *.soundon.global *.tiktok.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokmusic.app *.tiktokmusic.me *.tiktokv.com *.tiktokv.us *.tiktokw.eu *.ttwstatic.com *.vodupload.com *.yhgfb-static.com googletagmanager.com 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.talentio.com cdn.ravenjs.com widget.intercom.io js.intercomcdn.com www.google-analytics.com analytics.google.com translate.googleapis.com www.googletagmanager.com ; img-src 'self' data: blob: https: http:; child-src 'self' blob:; form-action 'self' www.facebook.com id.talentio.com api-iam.intercom.io ; font-src 'self' data: assets.talentio.com fonts.gstatic.com use.fontawesome.com use.typekit.net fonts.intercomcdn.com ; frame-ancestors 'self'; frame-src 'self' blob: youtube.com *.youtube.com speakerdeck.com *.speakerdeck.com slideshare.net *.slideshare.net twitter.com *.twitter.com note.com *.note.com google.com *.google.com google.co.jp *.google.co.jp facebook.com *.facebook.com backcheck.jp *.backcheck.jp s3.ap-northeast-1.amazonaws.com intercom-sheets.com; manifest-src 'none'; prefetch-src 'self'; object-src 'self' blob: s3.ap-northeast-1.amazonaws.com; style-src 'self' 'unsafe-inline' assets.talentio.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com translate.googleapis.com ; media-src 'none'; worker-src 'self' blob:; connect-src 'self' assets.talentio.com *.sentry.io sentry.io api-iam.intercom.io uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io www.google-analytics.com analytics.google.com s3.ap-northeast-1.amazonaws.com translate.googleapis.com 1
default-src 'report-sample' 'self'; script-src 'report-sample' 'self' 'unsafe-inline' *.braintreegateway.com *.google.com *.googletagmanager.com *.youtube.com *.paypal.com *.optimizely.com data: *.presage.io player.vimeo.com *.quantcount.com *.quantserve.com *.pagespeed-mod.com *.contentsquare.com code.jquery.com ads-engagement.presage.io; style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.braintreegateway.com; img-src 'self' data: static.nib.com.au *.google.com *.ctfassets.net *.doubleclick.net *.contentsquare.net *.paypal.com *.bing.com blob: *.tealiumiq.com *.facebook.com *.optimizely.com *.rubiconproject.com *.yahoo.com *.analytics.google.com *.presage.io csi.gstatic.com pixel.mathtag.com *.usabilla.com *.intentiq.com www.apia.com.au www.ing.com.au www.qantas.com.au *.picsart.com *.aami.com.au; connect-src 'self' api-gateway.nib.com.au *.nib.com.au *.google.com *.contentsquare.net *.taboola.com *.paypal.com *.tealiumiq.com *.sentry.io *.nibthrive.com.au *.datacloudstat.com *.intentiq.com *.rollbar.com *.nibit.com.au *.braintreegateway.com *.optimizely.com *.contentsquare.net *.bing.com *.facebook.com *.amazonaws.com *.okta.com *.braintree-api.com *.vimeo.com *.contentsquare.com *.ingest.us.sentry.io; font-src 'self' data: static.nib.com.au fonts.gstatic.com ok1static.oktacdn.com *.cdnfonts.com github.com; object-src  data:; media-src 'self'; frame-src  *.doubleclick.net *.youtube.com *.optimizely.com *.paypal.com data: *.google.com *.vimeo.com www.googletagmanager.com; worker-src 'self' blob:; child-src 'self'; form-action 'self'; frame-ancestors 'none'; report-uri https://nibit.report-uri.com/r/t/csp/wizard; 1
object-src 'none';base-uri 'self';script-src 'nonce-1tWXCu7E8-Bb7HUHg3bTug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IcfYSxBD9UX_ygR6n4Z8LA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.omtrdc.net *.licdn.com cdn.cookielaw.org www.googletagmanager.com www.shareaholic.net *.googleadservices.com *.onetrust.com *.googleapis.com www.google-analytics.com resources.digital-cloud.medallia.eu cdn.shareaholic.net img06.en25.com *.linkedin.com collection.decibelinsight.net cdn.openshareweb.com www.youtube.com cdn.decibelinsight.net analytics.shareaholic.com www.google.com www.google.co.uk *.amadeus.com unpkg.com udc-neb.kampyle.com assets.adobedtm.com *.gstatic.com *.doubleclick.net www.google.co.in *.demdex.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' affil.eshop-rychle.cz exponea-api.eshop-rychle.cz www.youtube.com www.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net; font-src 'self' fonts.gstatic.com; img-src 'self' www.facebook.com www.google.com www.google.cz *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net c.seznam.cz www.seznam.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' affil.eshop-rychle.cz connect.facebook.net www.google.com *.google-analytics.com *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com c.imedia.cz www.seznam.cz exponea-api.eshop-rychle.cz cdn.cookie-script.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src https: https://tbs.tradedoubler.com:*  https://s7g10.scene7.com:* https://stenaline.co.uk:*; script-src 'unsafe-inline' https://bat.bing.com:* https://googleads.g.doubleclick.net:* https://acrobatservices.adobe.com:* https://cdn.cookielaw.org:* https://cdn.mouseflow.com:* https://documentservices.adobe.com:* https://www.google-analytics.com:* https://www.googletagmanager.com:* https://www.stenaline.co.uk/etc.clientlibs:* https://www.stenaline.co.uk:* https://connect.facebook.net:* https://messenger.ebilobster.ai:* https://*.stenaline.com:* https://stenaline.com:* https://assets.adobedtm.com:*; img-src data: https: https://s7g10.scene7.com:*; style-src 'self' 'unsafe-inline' https://acrobatservices.adobe.com:* https://*.stenaline.com:* https://stenaline.com:* https://stenaline.co.uk:*; object-src 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-bpGhoD8-O9G3CFGzTcMm-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-z-zeucUYDwVxYHzPRhm79Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-ygm0K+XIPNAyEJpErvinuU/wLd84IkpfXAQtdt9CR34='; base-uri 'self';report-to csp-endpoint 1
connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net https://region1.google-analytics.com https://region2.google-analytics.com https://region3.google-analytics.com https://www.facebook.com https://api.amplitude.com https://www.myreviews.ai; img-src 'self' data: https://landia-logos.s3.amazonaws.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.cz https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net https://cdn.jsdelivr.net; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net; frame-src 'self' https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.amplitude.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://widget.trustpilot.com https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net; default-src 'self' 'unsafe-inline' 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com www.xtento.com https://gum.criteo.com/ https://fledge.eu.criteo.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net www.xtento.com cdn.xtento.com https://www.google.pl/pagead/1p-user-list/999999999/ https://bat.bing.com/action/0 https://www.google.pl/pagead/1p-user-list/9999999999/ data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net *.klarnaservices.com www.xtento.com cdn.xtento.com https://bat.bing.com/bat.js https://dynamic.criteo.com/js/ld/ld.js https://v2.zopim.com/ https://mmgtr11111.pcapredict.com/js/sensor.js https://bat.bing.com/p/action/99999999.js https://static.zdassets.com/ekr/asset_composer.js https://services.postcodeanywhere.co.uk/js/platformcaptureplus-2.20.min.js https://sslwidget.criteo.com/event https://static.zdassets.com/ekr/sentry-browser.min.js https://static.zdassets.com/web_widget/classic/latest/web-widget-main-67c35ac.js https://static.zdassets.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net https://services.postcodeanywhere.co.uk/css/platformcaptureplus-2.20.min.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://services.postcodeanywhere.co.uk/Extras/Web/Ip2Country/v1.10/json https://ekr.zdassets.com/compose/zopim_chat/53Td2YM5k7jXEY56SEtiqSOBumCZVjcl https://military1st.zendesk.com/embeddable/config https://services.postcodeanywhere.co.uk/ https://google.com/pay wss://widget-mediator.zopim.com https://services.postcodeanywhere.co.uk/Capture/Interactive/Find/v1.00/json https://bat.bing.com/ https://military1st.zendesk.com/ https://military1st.zendesk.com/frontendevents/dl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-l1H6-Y9ihVtjFdq7z7m69Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.americanmeadows.com *.privy.com *.richpanel.com *.ryzeo.com *.signifyd.com *.yotpo.com accounts.livechatinc.com analytics.tiktok.com api.livechatinc.com bam.nr-data.net bat.bing.com cdn-widgetsrepository.yotpo.com cdn.livechatinc.com cdn.richpanel.com cdn.statstrk01.com cdnapisec.kaltura.com chimpstatic.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net js-agent.newrelic.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hscollectedforms.net js-eu1.usemessages.com na-library.klarnaservices.com na-library.playground.klarnaservices.com s.pinimg.com secure.livechatinc.com static.hsappstatic.net static.trackedweb.net staticw2.yotpo.com www.clarity.ms www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com x.klarnacdn.net cdn.cookielaw.org code.jquery.com api.bluecore.com www.redditstatic.com siteassets.bluecore.com ui.powerreviews.com assets.pinterest.com americanmeadows.formstack.com static.formstack.com ajax.googleapis.com static.powerreviews.com dynamic.criteo.com snap.licdn.com sslwidget.criteo.com widget.us.criteo.com *.paypal.com *.wistia.com *.howuku.com *.jsdelivr.net *.criteo.com *.paypalobjects.com *.clarity.ms *.convertexperiments.com measurement-api.criteo.com display.powerreviews.com *.powerreviews.com *.corvuscro.com mjbeisch.github.io *.noibu.com *.highcountrygardens.com *.hotjar.com *.stripe.com; report-uri /.webscale/csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.cardnet.com.do *.facebook.com www.google.com www.google-analytics.com *.hotjar.com metrics.hotjar.io *.facebook.net *.gstatic.com cardnet-posthog.firehut.app www.googletagmanager.com cdn.onesignal.com onesignal.com content.hotjar.io *.googleapis.com localhost ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src maxcdn.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.criteo.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudfront.net www.google.nl permalink.psinfoodservice.com www.facebook.com *.linkedin.com squeezely.tech *.bing.com *.criteo.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.multisafepay.com maps.gstatic.com ts.tradetracker.net www.magmodules.eu https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.doubleclick.net *.criteo.com *.criteo.net squeezely.tech instant.page *.licdn.com *.bing.com consent.cookiebot.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io *.multisafepay.com https://pay.google.com maps.googleapis.com www.gstatic.com tm.tradetracker.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.multisafepay.com www.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.doubleclick.net *.criteo.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.multisafepay.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-nSKBtzm-fin00I5ad1fYng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' jhnet.okta.com sso.jhnet.com *.oktacdn.com; connect-src 'self' jhnet.okta.com jhnet-admin.okta.com sso.jhnet.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com jhnet.kerberos.okta.com jhnet.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' jhnet.okta.com sso.jhnet.com *.oktacdn.com; style-src 'unsafe-inline' 'self' jhnet.okta.com sso.jhnet.com *.oktacdn.com; frame-src 'self' jhnet.okta.com jhnet-admin.okta.com sso.jhnet.com login.okta.com *.vidyard.com; img-src 'self' jhnet.okta.com sso.jhnet.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' jhnet.okta.com sso.jhnet.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' static.sprintdatacenter.pl rapiddc.pl; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; form-action 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-a-UygxkffQ1iQM2qpaJXiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud *.googleapis.com *.gstatic.com https://geowidget.easypack24.net data: https://cdn.thulium.com/ script.hotjar.com widget.fitanalytics.com/ fontawesome.com *.fontawesome.com widget.fitanalytics.com static.lancerto.com data: 'self' 'unsafe-inline'; form-action www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com pay.google.com play.google.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu secure.payu.com merch-prod.snd.payu.com smartforms.ekomi.com *.ekomiapps.de https://geowidget-app.inpost.pl/ https://pudofinder.dpd.com.pl/ *.google.com *.fls.doubleclick.net creativecdn.com gum.criteo.com *.hotjar.com facebook.com start.paypo.pl https://tbs.tradedoubler.com https://imgstatic.eu *.tradedoubler.com *.imgstatic.eu static.criteo.net 'self' fledge.eu.criteo.com td.doubleclick.net *.creativecdn.com ct.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io imgsct.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com *.tiktok.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com static.payu.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud *.gstatic.com *.googleapis.com *.ggpht https://lancerto.com https://geowidget.easypack24.net https://osm.inpost.pl *.revhunter.tech assets.swarmcdn.com analytics.tiktok.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://developers.google.com pixel.wp.pl google.com facebook.com google-analytics.com www.google.pl google.pl script.hotjar.com  data: smart-widget-assets.ekomiapps.de tbl.tradedoubler.com *.stickyadstv.com *.bing.com *.adform.net *.advertising.com ade.clmbtech.com *.criteo.com *.adnxs.com sync.outbrain.com cm.g.doubleclick.net *.analytics.yahoo.com *.yahoo.com *.tribalfusion.com sw-assets.ekomiapps.de developers.google.com *.taboola.com *.3lift.com *.rtb-csync.smartadserver.com *.casalemedia.com *.pixel.rubiconproject.com *.simage2.pubmatic.com *.criteo-sync.teads.tv *.360yield.com *.pubmatic.com *.bidswitch.net criteo-sync.teads.tv *.adscale.de *.omnitagjs.com *.smartadserver.com *.ivitrack.com *.ad.smaato.net *.sharethrough.com *.ssp.rambler.ru *.fls.doubleclick.net *.atdmt.com *.rubiconproject.com *.yieldlab.net *.e-planning.net *.ads.linkedin.com sync-tm.everesttech.net s-cs.send.microad.jp contextual.media.net us-u.openx.net cm.mgid.com pixel.tapad.com ad.as.amanad.adtdp.com an.yandex.ru trends.revcontent.com cw.addthis.com crb.kargo.com i.liadm.com jadserve.postrelease.com sync.aralego.com ad.mail.ru sync-criteo.ads.yieldmo.com a.twiago.com idsync.rlcdn.com criteo-partners.tremorhub.com d.turn.com https://tbs.tradedoubler.com https://imgstatic.eu *.tradedoubler.com *.imgstatic.eu googleads4.g.doubleclick.net *.emxdgt.com googletagmanager.com static.lancerto.com htlfkw.lancerto.com s.thebrighttag.com beacon.krxd.net id5-sync.com exchange.mediavine.com https://csr.onet.pl https://upload.snrcdn.net *.clarity.ms dmp.adform.net ad.doubleclick.net images.autopay.eu ekomi-srr.s3.eu-central-1.amazonaws.com *.googlesyndication.com hb.yahoo.net *.salestube.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com consentcdn.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com *.tiktok.com testcards.autopay.eu cards.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com *.snrbox.com secure.payu.com secure.snd.payu.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud smartforms.ekomi.com *.ekomiapps.de *.googleapis.com *.gstatic.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://bat.bing.com/ https://www.clarity.ms/ assets.swarmcdn.com web.snrbox.com https://cdn.thulium.com/ analytics.tiktok.com https://maps.googleapis.com/ *.google.com sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de *.googleadservices.com px.leadexpert.pl static.lamoda.pl *.hotjar.com pixel.wp.pl wrap.tradedoubler.com static.criteo.net sslwidget.criteo.com widget.fitanalytics.com metrics.fitanalytics.com metrics-nl.fitanalytics.com cdn.wootric.com swrap.tradedoubler.com ocdn.eu js-agent.newrelic.com bam-cell.nr-data.net *.platform.hicloud.com snap.licdn.com www.snrcdn.net unpkg.com *.doubleclick.net googletagservices.com *.googlesyndication.com www.googletagservices.com https://tbs.tradedoubler.com *.tradedoubler.com https://imgstatic.eu *.imgstatic.eu maps.googleapis.com 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://cdn.juo.io https://sgqcvfjvr.onet.pl https://artemis-cdn.ocdn.eu https://player.vimeo.com https://lib.onet.pl dc.cux.io js.go2sdk.com *.creativecdn.com s.pinimg.com ct.pinterest.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.googleapis.com *.snrcdn.net maxcdn.bootstrapcdn.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud *.gstatic.com https://geowidget.easypack24.net https://geowidget.inpost.pl assets.swarmcdn.com sw-assets.ekomiapps.de widget.fitanalytics.com customizations.fitanalytics.com www.snrcdn.net 'self' 'unsafe-inline'; object-src 'self' 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com assets.swarmcdn.com swarmify: blob: video-node.swarmcdn.com https://cdn.thulium.com/ chat-widget.thulium.com static.lancerto.com https://static.lancerto.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com consentcdn.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tiktok.com *.google-analytics.com *.snrbox.com secure.payu.com merch-prod.snd.payu.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud smartforms.ekomi.com *.ekomiapps.de https://geowidget.easypack24.net https://api-pl-points.easypack24.net https://osm.inpost.pl https://bat.bing.com/ *.clarity.ms video-node.swarmcdn.com wss://hornets.swarmcdn.com *.swarmcdn.com https://cdn.thulium.com/ analytics.tiktok.com https://maps.googleapis.com/ stats.g.doubleclick.net wss://v18dxapjmd.execute-api.eu-west-1.amazonaws.com smart-widget-assets.ekomiapps.de *.hotjar.com *.facebook.com clk.leadexpert.pl wss://ws17.hotjar.com  data: eligibility.wootric.com bam-cell.nr-data.net web.snrbox.com widget.fitanalytics.com *.g.doubleclick.net https://in.juo.io https://csr.onet.pl wss://n-541921153-0-27272500-1569843303-5d91e8674295d.track.cux.io events.ocdn.eu adservice.google.com bat.bing.com google.com/pay pay.google.com www.google.com *.analytics.google.com pixel.wp.pl measurement-api.criteo.com pagead2.googlesyndication.com *.creativecdn.com ct.pinterest.com 'self' 'unsafe-inline'; child-src https://tbs.tradedoubler.com https://imgstatic.eu *.tradedoubler.com *.imgstatic.eu http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://kiwirail.co.nz/* https://www.googletagmanager.com/ www.kiwirail.co.nz/* http://www.w3.org/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.facebook.com https://www.youtube.com/ https://connect.facebook.net/;img-src 'self' 'unsafe-inline' data: http://www.w3.org/ https://www.facebook.com/ https://www.google-analytics.com/;report-uri https://www.kiwirail.co.nz/csp/v1/report; 1
font-src userlike-cdn-umm.b-cdn.net *.gstatic.com data: *.cloudfront.net *.mey.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src ct.pinterest.com *.awin1.com *.zenaps.com td.doubleclick.net fledge.eu.criteo.com fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de ad.ad-srv.net *.adsrvr.org *.fls.doubleclick.net www.facebook.com opt.kuponacdn.de gum.criteo.com pixel.mathtag.comm pp.payengine.de pptest.payengine.de checkoutshopper-test.adyen.com/ checkoutshopper.adyen.com/ 'self' 'unsafe-inline';  img-src www.etracker.de id5-sync.com s.thebrighttag.com beacon.krxd.net *.google.de *.google.com ads.creative-serving.com *.uimserv.net *.adnxs.com ups.analytics.yahoo.com visitor.omnitagjs.com *.ad.smaato.net matching.ivitrack.com exchange.mediavine.com hb.yahoo.net *.adform.net jadserve.postrelease.com *.taboola.com *.stickyadstv.com criteo-sync.teads.tv sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.emxdgt.com criteo-partners.tremorhub.com sync.outbrain.com *.3lift.com *.smartadserver.com ads.yahoo.com *.casalemedia.com *.bidswitch.net *.twiago.com contextual.media.net match.sharethrough.com *.pubmatic.com cdn.stickyadstv.com *.adscale.de ad.360yield.com sp.analytics.yahoo.com ad.yieldlab.net cotads.adscale.de *.criteo.com *.liadm.com pixel.rubiconproject.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.awin1.com *.zenaps.com *.bing.com *.cloudfront.net stats.g.doubleclick.net *.doubleclick.net *.g.doubleclick.net www.facebook.com www.google.com www.google.de www.googletagmanager.com *.usercentrics.eu *.adfarm1.adition.com *.adition.com *.pinterest.com pixel.mathtag.com *.adnxs.com checkoutshopper-test.adyen.com/ checkoutshopper.adyen.com/ *.mey.com *.clarity.ms 'self' data: data: 'self' 'unsafe-inline'; script-src userlike-cdn-umm.b-cdn.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com cdn.polyfill.io browser.sentry-cdn.com *.etracker.de *.etracker.com *.google.de *.google.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.googletagmanager.com *.adyen.com *.googleapis.com www.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jquery.sellxed.com *.adform.net *.amazon.com js.adsrvr.org *.awin1.com bat.bing.com *.dt51.net *.cloudfront.net googleads.g.doubleclick.net https://www.dwin1.com amplify.outbrain.com tr.outbrain.com wave.outbrain.com lantern.roeyecdn.com connect.facebook.net www.google.com *.google-analytics.com www.gstatic.com mastertag.kpcustomer.de opt.kuponacdn.de bam.nr-data.net bam.eu01.nr-data.net js-agent.newrelic.com static.shopgate.com *://the.sciencebehindecommerce.com tagmanager.google.com *.usercentrics.eu *.kuponacdn.de app.theadx.com browser-update.org pixel.mathtag.com pptest.payengine.de *.adnxs.com static.criteo.net s.pinimg.com sslwidget.criteo.com *.clarity.ms *.mey.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.usercentrics.eu *.cloudfront.net *.mey.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google.com maps.googleapis.com userlike-cdn-umm.b-cdn.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com sentry.mey.netz98.org eu-api.friendlycaptcha.eu www.etracker.de www.facebook.com www.clarity.ms dpm.demdex.net amcglobal.sc.omtrdc.net googleads.g.doubleclick.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de stats.g.doubleclick.net mey.dvinci-hr.com bam.eu01.nr-data.net https://the.sciencebehindecommerce.com https://*.wepowerconnections.com tr.outbrain.com *.usercentrics.eu aggregator.service.usercentrics.eu bat.bing.com *.pinterest.com *.google-analytics.com *.maps.googleapis.com *.mey.com *.cloudfront.net *.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; script-src 'report-sample' 'self' 'nonce-118b25ac23773082b93d2b84b9387c94' 'sha256-Uar6/o6bHxLbvYdSPaAi9aPBl0o2QLBH4YZtTV7Yh9U=' *.forcloudcdn.com *.forter.com analytics.tiktok.com analytics.twitter.com app.link cdn.branch.io connect.facebook.net dkupaw9ae63a8.cloudfront.net googleads.g.doubleclick.net maps.googleapis.com sc-static.net static.ads-twitter.com tools.luckyorange.com tr.snapchat.com websdk.appsflyer.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.youtube.com; style-src 'self' 'unsafe-inline' *.forcloudcdn.com fonts.googleapis.com; connect-src https: wss:; img-src data: https:; font-src data: https:; frame-src 'self' bid.g.doubleclick.net bytedance: fordeal: sslocal: tr.snapchat.com tr6.snapchat.com www.facebook.com www.youtube.com; object-src 'none'; child-src 'self' blob:; base-uri 'none'; report-uri https://dot-hub-x.fordeal.com/api/csp-reports?who=client_customer&app=fordeal 1
object-src 'none';base-uri 'self';script-src 'nonce-tOKAmKy0cFOKb3Gm-jrqbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=24831&v=v1.0&payload=ymp00hZ1EycWvkX3IquhUieuZ-WwiM7wmeLf82fnMT69Ci9B7FK7PRnZ_OiboAUwEjwEqSghso8DM_33etlt9XuT4x5YOHM7fKxGyzqQIiItHmrWNag-GUUJ8obAxBdTTuOOHoFPwdO5lB9SOyYAjlpRzobpYJ8EcTW6YQov578=; 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com https://*.salesforce.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com https://fecdn.user1st.info/ https://*.vimeo.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.bird.eu www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://fecdn.user1st.info/ https://*.online-metrix.net/ https://*.giuseppezanotti.com/ https://*.web.loc/ https://*.vimeo.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://developer.adobe.com https://magento.com https://fecdn.user1st.info/ https://*.online-metrix.net/ https://*.giuseppezanotti.com/ https://*.web.loc/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.giuseppezanotti.com/ https://*.web.loc/ https://s3-us-west-2.amazonaws.com/ blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net https://*.googleapis.com thm.visa.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://developer.adobe.com https://fecdn.user1st.info/ https://*.online-metrix.net/ https://maps.google.com https://maps.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' https: data:; img-src 'self' https: data: blob:; style-src 'self' https: 'unsafe-inline'; frame-ancestors 'none'; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-+p4XeguBo2VR1q4xIu3MBg=='; default-src 'self' https: wss:; script-src-attr 'unsafe-inline'; report-uri https://sentry.olc.cz/api/19/security/?sentry_key=58622d10e65d4510b8947a9e685d8e4f&sentry_environment=production&sentry_release=24.07.15 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net https://*.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com www.denotenshop.nl data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.denotenshop.nl 'self' 'unsafe-inline'; frame-ancestors www.denotenshop.nl 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com platform.twitter.com js.mollie.com www.denotenshop.nl 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net https://belco-prod.s3-eu-central-1.amazonaws.com https://images.unsplash.com maps.gstatic.com maps.google.com *.googleapis.com *.klevu.com *.ksearchnet.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://www.mollie.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.denotenshop.nl data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://cdn.belco.io *.googleapis.com maps.google.com js.klevu.com *.ksearchnet.com *.avada.io connect.facebook.net twitter.com platform.twitter.com js.mollie.com *.googletagmanager.com tagmanager.google.com www.denotenshop.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://*.googleapis.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com fonts.google.com www.denotenshop.nl https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.denotenshop.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io wss://chat.belco.io https://cdn.belco.io *.hyperstack.nl *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.denotenshop.nl 'self' 'unsafe-inline'; child-src www.denotenshop.nl http: https: blob: 'self' 'unsafe-inline'; default-src www.denotenshop.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce--_RtDvIzBZT5lVuRbQfdqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests; report-uri https://tanp.report-uri.com/r/d/csp/reportOnly 1
img-src 'self' www.facebook.com www.instagram.com https://*.keywee.co https://images.ctfassets.net https://i.ytimg.com https://a.storyblok.com https://cdn-ukwest.onetrust.com https://connect.facebook.net https://www.facebook.com https://d25d2506sfb94s.cloudfront.net https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://www.google.com.de https://www.google.com.pl https://www.google.com.es https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://images.getinconvo.com https://cdn.yougov.chat https://attachments-bucket-eu-west-1-prod.s3.eu-west-1.amazonaws.com data:; report-uri https://o198417.ingest.sentry.io/api/5594314/security/?sentry_key=f6766c04be5e496fa1fbd7ee7f3ded56&sentry_environment=production&sentry_release=undefined; 1
object-src 'none';base-uri 'self';script-src 'nonce-tPw1DgySVISQNuRdS-0WOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com geowidget.easypack24.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com https://accounts.google.com *.twitter.com accounts.google.com secure.payu.com merch-prod.snd.payu.com *.doubleclick.net vars.hotjar.com *.facebook.com m.goadservices.com apis.google.com www.google.com *.cookiebot.com ams.creativecdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net *.sharethis.com data.imoje.pl *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net static.payu.com trustmate.io www.google.pl csr.onet.pl bbnaut.ibillboard.com rm.em.nscontext.eu mc.yandex.ru rtb-csync.smartadserver.com connect.facebook.net *.tile.openstreetmap.org geowidget.easypack24.net maps.gstatic.com maps.googleapis.com *.doubleclick.net kodano.pl ade.googlesyndication.com bat.bing.com qon-csts3.quartic.com.pl c.seznam.cz  payment.ecommerce.sebgroup.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.sharethis.com paywall.imoje.pl sandbox.paywall.imoje.pl *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com accounts.google.com *.avada.io secure.payu.com secure.snd.payu.com trustmate.io *.hotjar.com mc.yandex.ru *.goadservices.com geowidget.easypack24.net maps.googleapis.com *.pushpushgo.com apis.google.com js-agent.newrelic.com *.cookiebot.com bat.bing.com *.tiktok.com *.smartsuppcdn.com www.smartsuppchat.com *.crazyegg.com bam.eu01.nr-data.net static.cloudflareinsights.com *.quarticon.it *.quarticon.com *.quartic.com.pl *.ar-labs.io tags.creativecdn.com c.imedia.cz c.seznam.cz nominatim.openstreetmap.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com https://accounts.google.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com accounts.google.com trustmate.io geowidget.easypack24.net *.quartic.com.pl widget-v3.smartsuppcdn.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.sharethis.com https://accounts.google.com *.cloudflare.com *.twitter.com *.twimg.com accounts.google.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com trustmate.io mc.yandex.ru *.doubleclick.net *.analytics.google.com api-shipx-pl.easypack24.net pagead2.googlesyndication.com maps.googleapis.com *.cookiebot.com *.tiktok.com *.smartsupp.com *.smartsuppcdn.com *.smartsuppchat.com *.crazyegg.com bam.eu01.nr-data.net *.quarticon.it *.ar-labs.io www.google.com ams.creativecdn.com region1.google-analytics.com nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://szkla0com.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-8Dou8up1hAQMFKqIGVenig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-iv_5ViFh4PWQSqjE_Vja7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com 'self' 'self' data: https://*.tawk.to data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://*.adyen.com 'self' 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com https://www.googletagmanager.com/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' https://consentcdn.cookiebot.com 'self' 'unsafe-inline'; img-src cdn.zitmaxx.nl https://pim.zitmaxx.nl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.adyen.com *.bird.eu https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com 'self' data: https: http: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://www.google.com https://www.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com https://*.tawk.to https://secure.adnxs.com https://cdn.jsdelivr.net https://*.expivi.net d5yoctgpv4cpx.cloudfront.net https://consent.cookiebot.com https://consentcdn.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline' https://*.tawk.to https://*.expivi.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://pim.zitmaxx.nl dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' https://*.google-analytics.com wss://*.tawk.to rkkck31tec.execute-api.eu-central-1.amazonaws.com https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ovsUmUPbrL68xw2RTapEsQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri *.google.com *.gstatic.com 'self' 'unsafe-inline'; default-src *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.google.com *.gstatic.com *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src *.google.com *.gstatic.com 'self' 'unsafe-inline'; child-src *.google.com *.gstatic.com http: https: blob: 'self' 'unsafe-inline'; object-src *.google.com *.gstatic.com 'self' 'unsafe-inline'; style-src *.google.com *.gstatic.com *.doofinder.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; img-src *.google.com *.gstatic.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com cdn.doofinder.com https://images.unsplash.com *.facebook.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; form-action *.google.com *.gstatic.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; font-src *.google.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; frame-ancestors *.google.com *.gstatic.com *.storyblok.com 'self'; frame-src td.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; connect-src *.google.com *.googlesyndication.com analytics.tiktok.com *.analytics.google.com *.gstatic.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.doofinder.com wss://*.doofinder.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co 'self' 'unsafe-inline'; script-src https://analytics.tiktok.com *.google.com *.gstatic.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.doofinder.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
object-src 'none';base-uri 'self';script-src 'nonce-V7UQ6d3BBQWM7fSlJ7Gr0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am *.bancochile.cl *.cathaybk.com.tw *.soldo.com *.capitecbank.co.za *.mbank.sk *.starlingbank.com *.hitrust-us.com:9750 *.enginebystarling.net *.cardinalcommerce.com:* *.id.mastercard.bunq.com *.santander.cl *.secureacs.com *.bog.ge *.consorsbank.de *.ing.de *.icbc.com.cn *.hsbc.co.id *.rpc-raiffeisen.com:* *.stcpay.com.sa *.3dsecure-atruvia.de *.hu.bpcbt.com *.a-bank.com.ua *.ipakyulibank.uz:* bezpecne-platby.rb.cz *.bezpecne-platby.rb.cz *.santander.com.br *.2c2p.com:* *.asseco-see.hr:* particuliers.sg.fr *.particuliers.sg.fr *.bccard.com *.petafuel.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.cardinalcommerce.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am *.bancochile.cl *.cathaybk.com.tw *.soldo.com *.capitecbank.co.za *.mbank.sk *.starlingbank.com *.hitrust-us.com:9750 *.enginebystarling.net *.cardinalcommerce.com:* *.id.mastercard.bunq.com *.santander.cl *.secureacs.com *.bog.ge *.consorsbank.de *.ing.de *.icbc.com.cn *.hsbc.co.id *.rpc-raiffeisen.com:* *.stcpay.com.sa *.3dsecure-atruvia.de *.hu.bpcbt.com *.a-bank.com.ua *.ipakyulibank.uz:* bezpecne-platby.rb.cz *.bezpecne-platby.rb.cz *.santander.com.br *.2c2p.com:* *.asseco-see.hr:* particuliers.sg.fr *.particuliers.sg.fr *.bccard.com *.petafuel.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.sharethis.com *.trackedlink.net *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com cdns.eu1.gigya.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com myp3-cdc-global.mypanini.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.panini.es/shp_esp_es/webformat_csptools/report/; 1
object-src 'none';base-uri 'self';script-src 'nonce-1yHD0jFHNNVP0monAkeDyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wqJt2anI7UdXXwVDGfXq0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tumDks6rvvuo54Y8HSJq4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8hgbhyjoC5eHjr1IsgxFSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-PzoimmFkCnlbwaaf4v6ukQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-B5UVyW72IYmQJUqBDX6S7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-pHb8oaAAnXcs-9zbZnUHVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-hce0Cx5BrFEQzNJ6BV0K_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Plrkp__aJz1Zp1WS12waFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-MQZw0OIkqRV_ELPBzslakg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ka5wZcTnmIuM0skLMEhOyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-cXLixOJiPUnO66x9EtoTGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-lvZTCq7bGayQA1wBiZOIFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-V5oyOSTMaA4OOrAFF2NdnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3s1CwPsd1m2lmVJeTOpZog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-q8KFzsJBbC1yl8KjU4GAFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6sRbh_B-o85TZvIyDKBR2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-J6YZeDNaHK7-aIcjq6LWWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.fontawesome.com cdn.jsdelivr.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 1
object-src 'none';base-uri 'self';script-src 'nonce-88Wg9gv8BXidCxnuJmQaPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_rezBoXX1vKMj5bIdU3lqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https://*.twitter.com https://www.facebook.com https://connect.facebook.net https://www.clickcease.com https://*.googlesyndication.com https://*.g.doubleclick.net https://www.googleoptimize.com https://*.hotjar.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://maps.googleapis.com https://www.youtube.com https://*.usercentrics.eu https://ista.piwik.pro 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; frame-src https://*.twitter.com https://www.facebook.com https://*.g.doubleclick.net https://*.googlesyndication.com *.google.com *.vimeo.com *.youtube-nocookie.com *.youtube.com https://*.usercentrics.eu; connect-src https://siteintercept.qualtrics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googlesyndication.com https://*.googleapis.com *.google.com https://*.gstatic.com blob: data: https://fonts.googleapis.com https://*.usercentrics.eu https://tracking.ista.com https://ista.piwik.pro 'self'; img-src 'self' data: https:; frame-ancestors 'self'; script-src-elem https://*.twitter.com https://www.facebook.com https://connect.facebook.net https://www.clickcease.com https://*.googlesyndication.com https://*.g.doubleclick.net https://www.googleoptimize.com https://*.hotjar.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://maps.googleapis.com https: 'unsafe-eval' blob: 'self' 'unsafe-inline' 'report-sample'; font-src https://fonts.gstatic.com 'self'; style-src-elem https://fonts.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline' 'report-sample'; worker-src https://*.twitter.com https://www.facebook.com https://connect.facebook.net https://www.clickcease.com https://*.googlesyndication.com https://*.g.doubleclick.net https://www.googleoptimize.com https://*.hotjar.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://maps.googleapis.com blob:; style-src https://fonts.googleapis.com https://*.usercentrics.eu 'self' 'unsafe-inline' 'report-sample'; default-src 'self'; base-uri 'self'; media-src 'self' https:; object-src 'none'; report-uri https://www.ista.com/corporate/@http-reporting?csp=report&requestTime=1721956372234050 1
font-src foodservicedirect.net *.foodservicedirect.net cloudfront.net *.cloudfront.net *.foodservicedirect.com *.googleapis.com trevipay.app braintree.com afterpay.com trevipay.com paypal.com *.typekit.net *.authorize.net *.trustwave.com *.cdn-apple.com *.doubleclick.net *.zendesk.com *.userway.org *.amazonaws.com *.loyaltylion.net *.yottaa.com *.yottaa.net *.google.com *.trustpilot.com *.pricespider.com *.zdassets.com *.ads-twitter.com *.newrelic.com *.pinterest.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com foodservicedirect.net *.foodservicedirect.net cloudfront.net *.cloudfront.net *.foodservicedirect.com *.googleapis.com trevipay.app braintree.com afterpay.com trevipay.com paypal.com *.authorize.net *.trustwave.com *.cdn-apple.com *.doubleclick.net *.zendesk.com *.userway.org *.amazonaws.com *.loyaltylion.net *.yottaa.com *.yottaa.net *.google.com *.trustpilot.com *.pricespider.com *.zdassets.com *.ads-twitter.com *.newrelic.com *.pinterest.com *.gstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ foodservicedirect.net *.foodservicedirect.net cloudfront.net *.cloudfront.net *.foodservicedirect.com *.googleapis.com trevipay.app braintree.com afterpay.com trevipay.com paypal.com *.gstatic.com *.google.com *.authorize.net *.trustwave.com *.cdn-apple.com *.doubleclick.net *.zendesk.com *.userway.org *.amazonaws.com *.loyaltylion.net *.yottaa.com *.yottaa.net *.trustpilot.com *.pricespider.com *.zdassets.com *.ads-twitter.com *.newrelic.com *.pinterest.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com foodservicedirect.net *.foodservicedirect.net cloudfront.net *.cloudfront.net *.foodservicedirect.com *.googleapis.com trevipay.app braintree.com afterpay.com trevipay.com paypal.com *.authorize.net *.trustwave.com *.cdn-apple.com *.doubleclick.net *.zendesk.com *.userway.org *.amazonaws.com *.loyaltylion.net *.yottaa.com *.yottaa.net *.google.com *.trustpilot.com *.pricespider.com *.zdassets.com *.ads-twitter.com *.newrelic.com *.pinterest.com *.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com foodservicedirect.net *.foodservicedirect.net cloudfront.net *.cloudfront.net *.foodservicedirect.com *.googleapis.com trevipay.app braintree.com afterpay.com trevipay.com paypal.com *.typekit.net *.authorize.net *.trustwave.com *.cdn-apple.com *.doubleclick.net *.zendesk.com *.userway.org *.amazonaws.com *.loyaltylion.net *.yottaa.com *.yottaa.net *.google.com *.trustpilot.com *.pricespider.com *.zdassets.com *.ads-twitter.com *.newrelic.com *.pinterest.com unsafe-inline assets.braintreegateway.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com foodservicedirect.net *.foodservicedirect.net cloudfront.net *.cloudfront.net *.foodservicedirect.com *.googleapis.com trevipay.app braintree.com afterpay.com trevipay.com paypal.com *.authorize.net *.trustwave.com *.cdn-apple.com *.doubleclick.net *.zendesk.com *.userway.org *.amazonaws.com *.loyaltylion.net *.yottaa.com *.yottaa.net *.google.com *.trustpilot.com *.pricespider.com *.zdassets.com *.ads-twitter.com *.newrelic.com *.pinterest.com *.gstatic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com foodservicedirect.net *.foodservicedirect.net cloudfront.net *.cloudfront.net *.foodservicedirect.com *.googleapis.com trevipay.app braintree.com afterpay.com trevipay.com paypal.com *.authorize.net *.trustwave.com *.cdn-apple.com *.doubleclick.net *.zendesk.com *.userway.org *.linkedin.com *.amazonaws.com *.loyaltylion.net *.yottaa.com *.yottaa.net *.google.com *.trustpilot.com *.pricespider.com *.zdassets.com *.ads-twitter.com *.newrelic.com *.pinterest.com *.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src * data: blob:; media-src 'self' data:; script-src 'self' 'nonce-nt02W0Dd/NEV9REEMpP1zxmcGp/QIMbC' 'unsafe-inline' 'unsafe-eval' https://tag.myaspectra.ch/rt/matomo.js https://www.youtube.com/iframe_api https://www.youtube.com https://cdn.plyr.io https://player.vimeo.com/api/player.js; style-src 'self' 'unsafe-inline' https://unpkg.com/survey-jquery@1.9.74/survey.css https://cdn.plyr.io/3.6.12/plyr.css; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com; connect-src 'self' blob: https://tag.myaspectra.ch https://noembed.com https://cdn.plyr.io; font-src 'self' data:; report-to endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce--kNzYVcy0cL3R6Ah_BRrEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https: blob: mediastream: data: 'unsafe-inline' 'unsafe-eval' 1
script-src-elem *.oracleinfinity.io *.greencolumnart.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.greencolumnart.com 'self' 'unsafe-inline'; font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.greencolumnart.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.greencolumnart.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.greencolumnart.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.greencolumnart.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.integration.komax.eclt.lnt.cl *.greencolumnart.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.integration.komax.eclt.lnt.cl *.greencolumnart.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com tagmanager.google.com maxcdn.bootstrapcdn.com *.greencolumnart.com 'self' 'unsafe-inline'; object-src *.greencolumnart.com 'self' 'unsafe-inline'; media-src *.adobe.com *.greencolumnart.com 'self' 'unsafe-inline'; manifest-src *.greencolumnart.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net *.greencolumnart.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.greencolumnart.com http: https: blob: 'self' 'unsafe-inline'; default-src *.greencolumnart.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.greencolumnart.com 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-3WmpsxS4rFap-EX28AQY-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: assets.fstoolbox.com www.fstoolbox.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com oct8necdneu.azureedge.net *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.facebook.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.youtube.com *.vimeo.com *.cookiebot.com *.oct8ne.com *.doubleclick.net *.twitter.com https://www.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net i.ytimg.com oct8necdneu.azureedge.net *.cloudflare.com *.klarna.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com polyfill.io *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com cdn.doofinder.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net https://maps.google.com/ https://www.google.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.googleapis.com cdn.fundgrube.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com *.doofinder.com *.cookiebot.com eu1-search.doofinder.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: service.yourviews.com.br fonts.gstatic.com storage.googleapis.com fonts.googleapis.com bam.nr-data.net *.invictus.com.br *.sizebay.technology *.cloudflare.com upload.uploadcare.com ucarecdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://accounts.google.com https://www.facebook.com https://login.live.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io service.yourviews.com.br fonts.gstatic.com storage.googleapis.com fonts.googleapis.com bam.nr-data.net *.invictus.com.br *.sizebay.technology *.facebook.com upload.uploadcare.com ucarecdn.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com cdn.mundipagg.com api.pagar.me 'self' data: *.clarity.ms service.yourviews.com.br storage.googleapis.com fonts.gstatic.com bam.nr-data.net js-agent.newrelic.com fonts.googleapis.com *.bing.com *.tiktok.com *.invictus.com.br *.mundipagg.com *.yviews.com.br *.yourviews.com.br www.google.com.br upload.uploadcare.com cdnjs.cloudflare.com ucarecdn.com invictus-media-s3.s3.sa-east-1.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com 3ds2.pagar.me 3ds2-sdx.pagar.me sandbox.pay2.com.br api.pay2.com.br pix.bcb.gov.br *.google.com *.gstatic.com service.yourviews.com.br storage.googleapis.com js-agent.newrelic.com *.clarity.ms secure.lomadee.com *.widde.io fonts.googleapis.com fonts.gstatic.com bam.nr-data.net *.googleapis.com *.bing.com *.tiktok.com *.invictus.com.br *.mundipagg.com *.sizebay.technology *.yviews.com.br *.yourviews.com.br *.doubleclick.net cdnjs.cloudflare.com upload.uploadcare.com ucarecdn.com *.zdassets.com *.zendesk.com *.cloudfront.net yv-misc.s3.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com service.yourviews.com.br storage.googleapis.com fonts.gstatic.com bam.nr-data.net fonts.googleapis.com *.bing.com *.tiktok.com *.googleadservices.com *.invictus.com.br *.sizebay.technology *.yviews.com.br *.yourviews.com.br cdnjs.cloudflare.com upload.uploadcare.com ucarecdn.com *.zdassets.com 'self' 'unsafe-inline'; object-src *.invictus.com.br 'self' 'unsafe-inline'; media-src *.adobe.com *.invictus.com.br invictus-media-s3.s3.sa-east-1.amazonaws.com 'self' 'unsafe-inline'; manifest-src *.invictus.com.br 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.mundipagg.com api.pagar.me t.elasticsuite.io service.yourviews.com.br storage.googleapis.com js-agent.newrelic.com *.clarity.ms secure.lomadee.com *.widde.io fonts.googleapis.com fonts.gstatic.com bam.nr-data.net *.googleapis.com *.bing.com *.tiktok.com *.googleadservices.com *.invictus.com.br *.mundipagg.com braspayment.com *.sizebay.technology *.yviews.com.br *.yourviews.com.br upload.uploadcare.com cdnjs.cloudflare.com ucarecdn.com *.zdassets.com *.zendesk.com api.smooch.io 'self' 'unsafe-inline'; child-src *.invictus.com.br http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bannerflow.net *.lampenwelt.de *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://cdn.consentmanager.net https://delivery.consentmanager.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com challenges.cloudflare.com https://www.recaptcha.net/recaptcha/ *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.adyen.com *.brsrvr.com *.bloomreach.cloud https://cdn.consentmanager.net https://delivery.consentmanager.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu lw-cdn.com *.adingo.jp *.adnxs.com *.aralego.com *.bing.com *.bidswitch.net *.bluekai.com *.casalemedia.com *.clmbtech.com *.contentsquare.net *.consentmanager.net *.criteo.com *.dable.io *.doubleclick.net *.google.com *.googleapis.com *.lampenwelt.de *.linkedin.com *.media.net *.outbrain.com *.pubmatic.com *.rlcdn.com *.roeyecdn.com *.rubiconproject.com *.smaato.net *.smartadserver.com *.socdm.com *.stickyadstv.com *.taboola.com *.teads.tv *.unrulymedia.com *.yahoo.com *.yieldmo.com *.1rx.io *.3lift.com *.360yield.com *.mycliplister.com https://mycliplister.com *.storyblok.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com collector.sst.lampade.it data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.brcdn.com https://cdn.consentmanager.net https://delivery.consentmanager.net secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io challenges.cloudflare.com https://www.recaptcha.net/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.aticdn.net *.bing.com *.criteo.com *.contentsquare.net https://delivery *.doubleclick.net *.dwin1.com *.facebook.net *.hello-charles.com *.kk-resources.com *.lampenwelt.de *.licdn.com *.pinimg.com *.pinterest.com *.roeyecdn.com *.salesforceliveagent.com *.scarabresearch.com *.force.com *.tiktok.com https://mycliplister.com *.kameleoon.eu https://js-agent.newrelic.com *.storyblok.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.trustpilot.com collector.sst.lampade.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com d.ratepay.com d.payla.io dr.payla.io *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.force.com *.storyblok.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://mycliplister.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.dxpapi.com https://cdn.consentmanager.net https://delivery.consentmanager.net payments.amazon.de d.ratepay.com jsctool.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.contentsquare.net *.criteo.com *.doubleclick.net *.googleadservices.com *.hello-charles.com *.lampenwelt.de *.linkedin.com *.pa-cd.com *.pinterest.com *.tiktok.com *.wepowerconnections.com *.xiti.com https://mycliplister.com *.kameleoon.io https://bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.trustpilot.com collector.sst.lampade.it 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-collector.magento.lampenwelt.tech; report-to report-endpoint; 1
font-src data: *.gstatic.com oct8necdneu.azureedge.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.vimeo.com *.oct8ne.com *.marvimundo.es *.marvimundo.com *.asesorcoloracion.es *.asesordecuidado.es *.diadermine.es *.ekomi.es *.jebbit.com *.reskyt.com *.cookiebot.com *.facebook.com *.doubleclick.net *.sequrapi.com https://sandbox.sequracdn.com https://live.sequracdn.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.ggpht *.marvimundo.com *.ekomiapps.de *.cookiebot.com *.facebook.com cdn.doofinder.com *.clarity.ms *.rawgit.com *.jsdelivr.net *.bing.com *.doubleclick.net *.google.sm *.google.sk *.google.si *.google.se *.google.rs *.google.ro *.google.pt *.google.pl *.google.no *.google.me *.google.lv *.google.lu *.google.lt *.google.li *.google.it *.google.is *.google.ie *.google.hu *.google.hr *.google.gr *.google.fr *.google.fi *.google.ee *.google.de *.google.cz *.google.com.ua *.google.com.mt *.google.com.gi *.google.co.uk *.google.ch *.google.bg *.google.be *.google.at *.google.ad https://sandbox.sequracdn.com https://live.sequracdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.connectif.cloud polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.marvimundo.com *.ekomiapps.de *.cloudflare.com *.cloudflareinsights.com *.newrelic.com *.facebook.net *.facebook.com *.clarity.ms *.doofinder.com *.googlesyndication.com *.nr-data.net *.doubleclick.net *.google.sm *.google.sk *.google.si *.google.se *.google.rs *.google.ro *.google.pt *.google.pl *.google.no *.google.me *.google.lv *.google.lu *.google.lt *.google.li *.google.it *.google.is *.google.ie *.google.hu *.google.hr *.google.gr *.google.fr *.google.fi *.google.ee *.google.de *.google.cz *.google.com.ua *.google.com.mt *.google.com.gi *.google.co.uk *.google.ch *.google.bg *.google.be *.google.at *.google.ad *.sequrapi.com *.hotjar.com https://sandbox.sequracdn.com https://live.sequracdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.ekomiapps.de *.doofinder.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com *.marvimundo.com *.ekomiapps.de *.cloudflare.com *.cloudflareinsights.com *.cookiebot.com *.newrelic.com *.doofinder.com wss://*.doofinder.com *.clarity.ms *.connectif.cloud *.googlesyndication.com *.nr-data.net *.facebook.com *.doubleclick.net *.google.sm *.google.sk *.google.si *.google.se *.google.rs *.google.ro *.google.pt *.google.pl *.google.no *.google.me *.google.lv *.google.lu *.google.lt *.google.li *.google.it *.google.is *.google.ie *.google.hu *.google.hr *.google.gr *.google.fr *.google.fi *.google.ee *.google.de *.google.cz *.google.com.ua *.google.com.mt *.google.com.gi *.google.co.uk *.google.ch *.google.bg *.google.be *.google.at *.google.ad *.sequrapi.com eu1-search.doofinder.com https://sandbox.sequracdn.com https://live.sequracdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.etracker.de code.etracker.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
form-action *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' data: blob: *.fls.doubleclick.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.omtrdc.net *.twitter.com covers.odilo.io *.ads-twitter.com *.facebook.com *.facebook.net cdn.cookielaw.org www.googletagmanager.com online.bancosantander.es a.omappapi.com *.googleapis.com extend.vimeocdn.com www.google-analytics.com t.co adservice.google.com *.linkedin.com region1.google-analytics.com sso.santanderopenacademy.com *.santanderopenacademy.com *.universia.net fonts.gstatic.com in-automate.sendinblue.com z.omappapi.com api.omappapi.com snap.licdn.com images.findawayworld.com *.tiktok.com privacyportal-de.onetrust.com sibautomation.com use.typekit.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com; frame-ancestors 'self' sso.santanderopenacademy.com *.santanderopenacademy.com; connect-src 'self' cdn.equalweb.com *.universia.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com www.linkedin.com script.hotjar.com img.youtube.com px4.ads.linkedin.com t.co surveystats.hotjar.io analytics.twitter.com www.google.es mboxedge37.tt.omtrdc.net santanderuniversidad.tt.omtrdc.net www.googletagservices.com www.google.ie www.facebook.com cdn.cookielaw.org googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com pagead2.googlesyndication.com region1.analytics.google.com region1.google-analytics.com vc.hotjar.io metrics.hotjar.io wss://ws.hotjar.com ws.hotjar.com content.hotjar.io www.google-analytics.com px.ads.linkedin.com analytics.tiktok.com *.pangle-ads.com  *.omappapi.com *.vimeo.com sso.santanderopenacademy.com *.santanderopenacademy.com; font-src 'self' script.hotjar.com fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com *.doubleclick.net track.adform.net www.facebook.com  *.universia.net sso.santanderopenacademy.com *.santanderopenacademy.com *.vimeo.com; img-src 'self' data: su-commons-documents.s3.eu-west-1.amazonaws.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com i.ytimg.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com *.universia.net img.youtube.com cdn.cookielaw.org www.facebook.com fonts.gstatic.com www.google.ie www.google.com www.google.es www.googletagmanager.com www.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com t.co analytics.twitter.com covers.odilo.io images.findawayworld.com *.doubleclick.net *.odilotk.es; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' www.google.com 'sha256-YSegCmpoY/9vy6z9Jp/wY5F+2CZOSO85IpkqRDamw6o=' 'sha256-8UQUF8T5SdG0xN7U0SziZK/tE7Mx20WlIEvrhPZS+5c=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-y+EdpRp7NGzuxDREjdSGXuM2ZRxY/zPRIps6hzHQOcU=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-HbtNuErO4Ji0X7sd59L8NfJYuQk3WllCWK3gVuRMpfM=' 'sha256-BBirXJiJdwXRuf4PKdCNfYQLT8mhwGu68gkk2lfCqN8=' 'sha256-9gh4m8bsTLdMvKZ358mYZY2d+f5k+bk+APY/b3jwy1o=' 'sha256-xeKH9HwGHVm84iWqrxisQix9T08PGSCZTxFIO4+ewWk=' 'sha256-DwzQ63XCPWPBU9VhenPaZeU1L0tiiqJkkaWArzaMA14=' 'sha256-5t573MY7H7LQK71Vf2b+RoOG9NlBxHctIHdMjVPJIE0=' 'sha256-ZxrnaNw21FtNs0hG3ejrGPJWMFqp2c2scn3dGBS7Xtk=' 'sha256-DaJ5+aVVCCwmIoJpsto8Q2FfkqVlML3utJdn4mDMGD0=' 'sha256-Fj/OzUbSCuycXsQO3rkxgJpOQcr0O4grKcZDUi0FIiU=' 'sha256-L89rOqVn3e1Yeav7YFzFH7bxGr1IyHtjhNxYvrcVL4E=' 'sha256-g2T0Peh4PkAjcTj+CFHeM0y83Uuh+6W/+Ay4nUyncSo=' 'sha256-BpTz1JC47PMe4NhdM7n0gmuvr+83Jo3c+LLXav8o+Wc=' 'sha256-+i46atGTJGrevoy/LaA/uxqfIvacu6J/34f4LYs4FLU=' 'sha256-NW1gvrymt4M+SBgRpB7GKpbvkiAcBF120jBugIgwTkY=' 'sha256-TCOS0LXlyOYGx+xlpfAYkRxyaOiYLTlRzHwI0YQSm3Q=' 'sha256-XdoX181xfRJT12LmChyU6l4zxvoIsaAHf4FxTHoJM+I=' 'sha256-NKT4ofJEPzU1gDi1WITFInJvz8potrsIe5i+LSnCKqo=' 'sha256-w6kdg/3YV4tBVkaDe4i2aktYPtaPLEHNIGHKOXJ7aZI=' 'sha256-7OI/iFnRHuxJU3EbXDhDFX6g3cZ0C1I8U6VTbbk7bPw=' 'sha256-VY8NVZZ8EZKkngWGPFlpnC0jlPPS4naDQeeIKqLpgUU=' 'sha256-3ThNsno0lln5H88qDcBDPljNxQaOgkPiulXpM/OsV1s=' 'sha256-8N1I80yqbb8/sRov2zmhZf1nwe9Hd8PifhnSJaDP664=' 'sha256-LG4xcV34tsaAdFNYuH8Lr84Ovn0ZnSV2GoIA+TiLP5s=' 'sha256-y36RoFUJWgc8gbl/5Pk2/0bsYv2bJ+bMa8Y4LV/Wz/k=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-3FPxyKucOIUnwkis1jUlVWeg63ttBCdsnPZ7d1/U9vQ=' 'sha256-lBxE5qVCAIfADFr1+pdyVxAP7I/YVviosUAsCf3pZtU=' 'sha256-3iXpidN34sHSaOL+oY8lqqkqIs8qgMSZmmFOyyyJq5o=' cdn.jsdelivr.net cdn.equalweb.com code.jquery.com track.adform.net s2.adform.net www.googletagservices.com cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.net static.hotjar.com metrics.hotjar.io script.hotjar.com www.googletagmanager.com www.google-analytics.com snap.licdn.com static.ads-twitter.com analytics.tiktok.com *.googleapis.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com *.gstatic.com *.omappapi.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com www.googletagmanager.com fonts.googleapis.com *.omappapi.com; worker-src *.universia.net 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.it https://www.myheritage.it  'unsafe-eval' 'nonce-e539003241acdae1950ad65c8570607c' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.it;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self'; base-uri 'self'; block-all-mixed-content ; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://api.attio.com/ https://www.facebook.com/ https://adservice.google.com https://www.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io/ https://*.ads.linkedin.com https://cdn.linkedin.oribi.io https://bat.bing.com https://*.clarity.ms https://c.bing.com https://api-js.mixpanel.com/ https://conversions-config.reddit.com www.redditstatic.com https://pixel-config.reddit.com/ https://analytics.twitter.com/ https://*.quora.com https://o394581.ingest.sentry.io/api/4505793402896384/; font-src 'self' https://fonts.gstatic.com/ https://fonts.intercomcdn.com/ https://at.alicdn.com/; form-action 'self' https://api-iam.intercom.io/; frame-ancestors 'self' https://app.storyblok.com/; img-src 'self' https://www.facebook.com/ https://googleads.g.doubleclick.net https://www.google.com https://google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.googletagmanager.com/ https://downloads.intercomcdn.com/ https://js.intercomcdn.com/ https://static.intercomassets.com/ https://*.ads.linkedin.com https://bat.bing.com https://*.clarity.ms https://c.bing.com https://api.producthunt.com/widgets/embed-image/v1/featured.svg https://alb.reddit.com https://analytics.twitter.com/ https://t.co/ https://pbs.twimg.com/profile_images/ https://*.quora.com https://a.storyblok.com/f/234930/ https://i.vimeocdn.com/video/ https://i.ytimg.com/ data:; object-src 'none'; script-src 'self' 'unsafe-inline' https://ajax.cloudflare.com https://connect.facebook.net/ https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://*.google-analytics.com/ https://*.g.doubleclick.net/ https://*.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.intercomcdn.com/ https://widget.intercom.io/ https://snap.licdn.com/ https://bat.bing.com https://*.clarity.ms https://c.bing.com https://www.redditstatic.com https://static.ads-twitter.com/ https://*.quora.com https://app.storyblok.com/* https://cdn.jsdelivr.net/gh/paulirish/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/paulirish/; upgrade-insecure-requests ; frame-src https://www.facebook.com/ https://www.googletagmanager.com https://*.g.doubleclick.net/ https://td.doubleclick.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.intercom-reporting.com/ https://player.vimeo.com/ https://www.youtube-nocookie.com/; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src https://js.intercomcdn.com/; report-uri https://o394581.ingest.sentry.io/api/4505793402896384/security/?sentry_key=afceb9e6ddac6219e4bf7c3e2fc69c53; 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.facebook.net *.gstatic.com *.typekit.net *.twimg.com *.hotjar.com *.trustedshops.com *.googleapis.com *.magentocommerce.com *.paypal.com *.cardinalcommerce.com *.authorize.net img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.taboola.com *.tiktok.com *.cloudflareinsights.com *.thequin.com *.fosoft.com.tr *.adobe.com *.adobetm.com *.collectaction.com *.yapaytech.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.taboola.com *.tiktok.com *.cloudflareinsights.com *.thequin.com *.fosoft.com.tr *.adobe.com *.adobetm.com *.collectaction.com *.yapaytech.com 'self' 'unsafe-inline'; frame-ancestors *.google.com *.gstatic.com img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.taboola.com *.tiktok.com *.cloudflareinsights.com *.thequin.com *.fosoft.com.tr *.adobe.com *.adobetm.com *.collectaction.com *.yapaytech.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.twitter.com *.google.com *.gstatic.com *.hotjar.com *.google.com.tr *.veinteractive.com *.demdex.net *.solocpm.com *.facebook.com *.facebook.net *.addthis.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.doubleclick.net *.bluekai.com *.useinsider.com img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.taboola.com *.tiktok.com *.cloudflareinsights.com *.thequin.com *.fosoft.com.tr *.adobetm.com *.collectaction.com *.yapaytech.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.hotjar.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.doubleclick.net *.google.com *.google.com.tr *.facebook.com *.facebook.net *.demdex.net *.everesttech.net *.googleapis.com *.gstatic.com *.adis.ws *.livechatinc.com *.yandex.ru *.adyen.com *.setrowid.com *.setrow.com *.instagram.com *.useinsider.com *.googletagmanager.com img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.taboola.com *.tiktok.com *.cloudflareinsights.com *.thequin.com *.fosoft.com.tr *.adobetm.com *.collectaction.com *.yapaytech.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.mobilexpress.com.tr data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.magentocommerce.com *.paypal.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.instana.io *.google.com *.google.com.tr *.googletagmanager.com *.veinteractive.com *.facebook.net *.supert.ag *.setrowid.com *.mainadv.com *.doubleclick.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.jsdelivr.net *.setrow.com *.instagram.com *.criteo.com *.criteo.net *.ciritizr.com *.bkrtx.com *.cloudfront.net *.useinsider.com *.critizr.com *.behance.net *.swagger.io img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.quinengine.com *.clarity.ms *.taboola.com *.tiktok.com *.cloudflareinsights.com *.thequin.com *.fosoft.com.tr *.adobetm.com *.collectaction.com *.yapaytech.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.garanti.com.tr *.mobilexpress.com.tr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.facebook.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.magentocommerce.com *.paypal.com *.paypalobjects.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.setrowid.com *.setrow.com *.critizr.com *.useinsider.com *.adobedtm.com *.google-analytics.com *.googletagmanager.com *.swagger.io img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.taboola.com *.tiktok.com *.cloudflareinsights.com *.thequin.com *.fosoft.com.tr *.adobetm.com *.collectaction.com *.yapaytech.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.google-analytics.com *.doubleclick.net *.twitter.com *.facebook.com *.facebook.net *.paypal.com *.paypalobjects.com *.hotjar.com *.hotjar.io *.twimg.com *.magentocommerce.com *.cardinalcommerce.com *.cardinalcommerce.net *.veinteractive.com *.demdex.net *.yandex.ru *.vimeo.com *.setrowid.com *.setrow.com *.useinsider.com *.adobedtm.com *.swagger.io img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.taboola.com *.tiktok.com *.cloudflareinsights.com *.thequin.com *.fosoft.com.tr *.adobe.com *.adobetm.com *.collectaction.com *.yapaytech.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-TqoX3kemZDZK5sMCmh6MAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * hbm-sandbox.cabinets.com staging-kitchen.enterprise.by.me kitchen.enterprise.by.me www.google.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.chatlio.com *.gstatic.com *.googleapis.com *.affirm.com *.affirm.ca *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.chatlio.com *.salesforceliveagent.com *.jsdelivr.net *.g.doubleclick.net *.newrelic.com bam.nr-data.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca *.blueconic.net connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.facebook.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.chatlio.com fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.chatlio.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.chatlio.com *.g.doubleclick.net bam.nr-data.net *.googleapis.com *.affirm.com *.affirm.ca *.blueconic.net connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri /csp-reports/; default-src 'self' https://trackbill.com https://*.trackbill.com; connect-src 'self' https://*.trackbill.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://*.pndsn.com https://pubsub.pubnub.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://stats.g.doubleclick.net https://api.hsforms.com https://www.facebook.com https://jsd-widget.atlassian.com https://mgas.prod.public.atl-paas.net; font-src 'self' https://fonts.gstatic.com https://static.hsappstatic.net; frame-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net https://www.youtube.com https://connect.facebook.net; img-src 'self' https://trackbill.com https://*.trackbill.com https://mozilla.github.io https://static.hsappstatic.net https://track.hubspot.com https://hubspot-avatars.s3.amazonaws.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://certify.alexametrics.com https://d5nxst8fruw4z.cloudfront.net data: blob:; media-src 'self' https://trackbill.com https://*.trackbill.com; object-src 'self' https://trackbill.com https://*.trackbill.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trackbill.com https://*.trackbill.com https://code.jquery.com https://mozilla.github.io https://app.hubspot.com https://static.hsappstatic.net https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-scripts.com https://bam.nr-data.net https://connect.facebook.net https://www.google-analytics.com https://d31qbv1cthcecs.cloudfront.net https://www.googletagmanager.com https://js-agent.newrelic.com https://mgas.prod.public.atl-paas.net https://jsd-widget.atlassian.com; style-src 'self' 'unsafe-inline' https://trackbill.com https://*.trackbill.com https://code.jquery.com https://mozilla.github.io https://static.hsappstatic.net https://www.google-analytics.com https://fonts.googleapis.com; child-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net; form-action 'self' https://trackbill.com https://*.trackbill.com https://connect.facebook.net; frame-ancestors 'none'; plugin-types application/pdf; 1
default-src 'self'; base-uri 'self'; font-src 'self' https: data:; img-src 'self' data: https:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; frame-src 'self'; frame-ancestors 'self'; media-src 'self'; script-src 'self' https: 'unsafe-inline' http://connect.facebook.net/en_US/sdk.js https://connect.facebook.net/en_US/sdk.js; report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=trusted-mfe@v1.1&sentry_environment=prod 1
object-src 'none';base-uri 'self';script-src 'nonce-yp-mK7B8jh3flTAFavH6Cw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com * *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.trackedlink.net maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com gateway.apaylater.com gateway.atome.sg ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com gateway.apaylater.com gateway.atome.sg cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net *.avada.io https://*.googletagmanager.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com gateway.apaylater.com gateway.atome.sg cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com https://get.geojs.io *.avada.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.plazalama.com.do *.google.es *.google.com *.hotjar.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.newrelic.com *.nr-data.net *.hotjar.com *.marketo.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net vimeo.com api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.newrelic.com *.nr-data.net *.google.com *.mktoresp.com *.hotjar.com *.doubleclick.net www.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.plazalama.com.do/; report-to report-endpoint; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://customcheckout-uat.bambora.net.au https://customcheckout.bambora.com.au https://www.facebook.com https://www.google.com https://www.google.com.au https://secure.livechatinc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net *.ftcdn.net *.behance.net data: https://www.google.com https://www.google.com.au https://analytics.sleeknote.com https://cdn.na.bambora.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://cdn.livechatinc.com https://api.livechatinc.com https://sc.lfeeder.com https://js-agent.newrelic.com https://sleeknotecustomerscripts.sleeknote.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.gstatic.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://hosted.mastersoftgroup.com https://customcheckout-uat.bambora.net.au https://customcheckout.bambora.com.au https://www.dwin1.com https://sleeknotestaticcontent.sleeknote.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.google.com https://www.google.com.au https://fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io https://bam.nr-data.net https://hosted.mastersoftgroup.com https://api.livechatinc.com https://www.google.com https://www.google.com.au https://www.googleadservices.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com *.fontawesome.com *.cloudflare.com *.klaviyo.com *.hotjar.com *.hotjar.io *.networkmerchants.com *.echeckpoint.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com http://maps.google.com *.online-metrix.net *.jotfor.ms *.jotform.com *.c3vault1.com *.storepoint.co https://res.cloudinary.com https://icons.storepoint-icons.com *.elfsight.com *.elfsightcdn.com *.commoninja.com *.cloudfront.net *.hotjar.com *.hotjar.io *.networkmerchants.com *.echeckpoint.com *.signifyd.com *.googleapis.com *.gstatic.com *.google.com maps.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.cloudflareinsights.com *.cloudflare.com *.lr-ingest.com *.ingest-lr.com *.jotform.com *.jotfor.ms *.storepoint.co *.elfsight.com *.commoninja.com *.cloudfront.net *.hotjar.com *.hotjar.io *.networkmerchants.com *.echeckpoint.com *.signifyd.com *.online-metrix.net *.googleapis.com maps.googleapis.com cdn.ampproject.org www.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com *.jotfor.ms *.storepoint.co *.fontawesome.com *.cloudflare.com *.elfsight.com *.commoninja.com *.klaviyo.com *.hotjar.com *.hotjar.io *.networkmerchants.com *.echeckpoint.com *.googleapis.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://maps.googleapis.com *.doubleclick.net https://bcp.crwdcntrl.net *.lr-ingest.com *.ingest-lr.com *.jotform.com https://api.jotform.com *.storepoint.co *.elfsight.com *.commoninja.com *.klaviyo.com *.hotjar.com *.hotjar.io *.networkmerchants.com *.echeckpoint.com *.automaticffl.com *.googleapis.com cdn.ampproject.org www.googleapis.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com https://cdn.clerk.io www.facebook.com https://maps.omnivasiunta.lt https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://www.terminalmappingjs.com https://osm.venipak.com http://mano.venipak.lt https://img.youtube.com https://omnisnippet1.com https://wt.soundestlink.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com https://api.clerk.io https://cdn.clerk.io *.googletagmanager.com connect.facebook.net s7.addthis.com https://unpkg.com https://omnisnippet1.com https://forms.soundestlink.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com api.clerk.io cdn.clerk.io www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io *.typekit.net *.fontawesome.com https://unpkg.com *.googleapis.com unsafe-inline assets.braintreegateway.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ws: *.analytics.google.com ekr.zdassets.com/ https://geocode.arcgis.com https://www.terminalmappingjs.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.googleapis.com *.yotpo.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.hotjar.com *.doubleclick.net *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.yotpo.com *.google.com *.google.com.ar *.facebook.com *.doubleclick.net *.sparta.cl newbalance.cl 'self' data: *.gstatic.com *.googleapis.com *.yandex.ru *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.google.com *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.fanplayr.com *.facebook.net *.yotpo.com *.newrelic.com *.nr-data.net *.doubleclick.net *.magentosite.cloud *.freshworks.com *.hotjar.com *.retailrocket.net *.yandex.ru *.api.useinsider.com *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.sparta.cl *.newbalance.cl *.yotpo.com *.fonts.net *.magentosite.cloud *.freshworks.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.google-analytics.com *.yotpo.com *.nr-data.net *.freshworks.com *.googleapis.com stats.g.doubleclick.net *.yandex.ru *.mercadopago.com *.mercadolibre.com *.retailrocket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://spartacl.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com api.razorpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.syteapi.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://maps.google.com/ cdn.razorpay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.syteapi.com/ https://cdn-api.syteapi.com/ https://fonts.gstatic.com https://maps.googleapis.com/ checkout.razorpay.com *.googleapis.com *.google.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://cdn-api.syteapi.com https://syteapi.com https://maps.googleapis.com/ lumberjack.razorpay.com lumberjack-metrics.razorpay.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-D81eANy6K3C1j5y6E4q8yw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://reports.hrmdirect.com https://*.etcconnect.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://reports.hrmdirect.com https://www.highend.com https://fonts.googleapis.com https://*.etcconnect.com;object-src 'none';img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://*.etcconnect.com;report-uri /Handlers/CspReports.ashx?type=REPORTONLY; 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://hotze-com.uriports.com/reports/report; report-to default 1
font-src *.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sandbox.paypal.com *.youtube.com *.paypal.com *.googleadservices.com *.google-analytics.com *.google.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.google.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cdninstagram.com *.google.com *.youtube.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com *.instagram.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.no https://www.myheritage.no  'unsafe-eval' 'nonce-d2cd64e232d9aa83031116b87978b8cc' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.no;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.leslibraires.ca *.lbrs.ca *.quialu.ca *.cloudflare.com *.cookielaw.org *.dialoginsight.com *.facebook.com *.facebook.net *.maxmind.com *.paypal.com *.paypalobjects.com *.wordpress.com *.doubleclick.net *.googleapis.com *.googlesyndication.com *.google.com *.googleadservices.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.googletagmanager.com *.gstatic.com *.google.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.leslibraires.ca *.lbrs.ca *.quialu.ca *.typekit.net *.cookielaw.org *.onetrust.com *.dialoginsight.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net *.paypal.com *.paypalobjects.com *.wordpress.com *.mmapiws.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.googleadservices.com *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; font-src 'self' data: *.gstatic.com *.typekit.net; frame-src 'self' *.quialu.ca *.cloudflare.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.googlesyndication.com *.googletagmanager.com *.google.com; img-src 'self' blob: data: *.leslibraires.ca *.lbrs.ca *.cookielaw.org *.dialoginsight.com *.facebook.com *.facebook.net *.paypal.com *.doubleclick.net *.googleapis.com *.gstatic.com *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; manifest-src 'self'; media-src 'self' data: blob:; child-src blob:; report-uri https://o4505964188139520.ingest.sentry.io/api/4505964295684096/security/?sentry_key=0c267b745f30d4da27e8d996a22eb2b4; report-to csp-endpoint; worker-src blob:; upgrade-insecure-requests; 1
object-src 'none';base-uri 'self';script-src 'nonce-HajQ88hKZSlvni3Zghn0gA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com *.cxengage.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cxengage.net *.amazonaws.com https://*.salesforce.com https://use.typekit.net https://media.twiliocdn.com https://connect.facebook.net https://widget.prodpad.com; style-src 'unsafe-inline' 'self' https:; img-src 'self' https: data: cid: blob:;font-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://static.xx.fbcdn.net https://*.knak.io data:; object-src 'none'; frame-ancestors 'self' https:; frame-src 'self' https: blob:; connect-src 'self' *.cxengage.net *.amazonaws.com sentry.io https://media.twiliocdn.com https://eventgw.twilio.com https://api-widget.prodpad.com https://www.facebook.com https://connect.facebook.net ws:; report-uri https://o142049.ingest.sentry.io/api/6353635/security/?sentry_key=2c0aec6aedbb4a86bd982cecc41bc8fb&sentry_environment=us-east-1-prod 1
font-src https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ data: *.core.windows.net https://maps.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * secure.nmi.com secure.networkmerchants.com collectcheckout.com  'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.doubleclick.net/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.nmi.com secure.networkmerchants.com collectcheckout.com  'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://kalicr.com https://www.google.co.cr/ https://www.facebook.com/ https://almaceneselrey.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.core.windows.net https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://connect.facebook.net/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.core.windows.net https://maps.gstatic.com secure.nmi.com secure.networkmerchants.com collectcheckout.com  'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://credomatic.compassmerchantsolutions.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://secure.networkmerchants.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ unsafe-inline assets.braintreegateway.com *.core.windows.net https://maps.gstatic.com secure.nmi.com  'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.core.windows.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://credomatic.compassmerchantsolutions.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ https://*.doubleclick.net/ data: https://www.facebook.com/ https://places.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.core.windows.net https://maps.gstatic.com secure.nmi.com secure.networkmerchants.com collectcheckout.com  'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' fonts.googleapis.com *.typekit.net 'sha256-eXQbyB8YxZkWD5epgriI5Aoh333fjv618WjVSFU6Fbg=' 'sha256-eXQbyB8YxZkWD5epgriI5Aoh333fjv618WjVSFU6Fbg=' 'sha256-EwX6gzn3K/AeBvzO5uSU+LH3xuXvwiUguSK5J/jTMxg=' 'sha256-EwX6gzn3K/AeBvzO5uSU+LH3xuXvwiUguSK5J/jTMxg=' 'sha256-EwX6gzn3K/AeBvzO5uSU+LH3xuXvwiUguSK5J/jTMxg=' 'sha256-EwX6gzn3K/AeBvzO5uSU+LH3xuXvwiUguSK5J/jTMxg=' 'sha256-LbZ1Unz/mECrqrf+3CWtpnBrwBH/o0xkJib5D3aXOi0=' 'sha256-qWwxsTFcdIcN78qmlVvZfPMlQLLiEk7put1pv87RdRQ=' 'sha256-Y2qXJELGuy21YLT6RM0tHQR+6fsH9BjFufJt114C1M0=' 'sha256-Nt+puP/szSCn48+0ksApbJf5hhv4awGHUZgOYrPcHUQ='; font-src 'self' data: fonts.gstatic.com use.typekit.net; script-src 'self' www.googletagmanager.com 'sha256-7heaUlTg3fMC331QsFWeAAbqPqRUlQc7P88iS5UoGxs=' 'sha256-n73m64JrQxUyJxNbE/dpGYH8dITaMzwKV14exhZhIzk=' 'sha256-4zGuWh0YT9Sc/3vQyMwHlvsmgeM3q+RwCRoQVloebdg=' 'sha256-sBbdEvS/Li8bJ3YjwR4ZMawbjLuXqOB8jov/BLgmqfE=' 'sha256-Kj+yrfVw5SVnEtYkRFV3SC01j+GoVrB5mlBCViYLgm8=' 'sha256-TD+mw8sga0FXNdftLUiN8r48srJHAM0Z4z6iSUggmK0='; connect-src 'self' analytics.google.com www.google-analytics.com stats.g.doubleclick.net; img-src 'self' data: secure.gravatar.com; 1
default-src 'self' data: blob: ; script-src data: blob: 'unsafe-inline' 'unsafe-eval' 'self' https://seal.digicert.com https://www.googletagmanager.com/gtm.js https://cdn.cookielaw.org *.sitejabber.com https://www.youtube.com; style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.sitejabber.com; connect-src 'self' data: blob: ws: wss: https://www.sitejabber.com https://cdn.cookielaw.org; img-src 'self' data: blob: 'unsafe-inline' https://seal-dallas.bbb.org https://seal.digicert.com https://static.sitejabber.com https://cdn.cookielaw.org https://secure.gravatar.com; font-src 'self' data: blob: https://fonts.gstatic.com https://static.sitejabber.com; frame-ancestors 'self'; frame-src https://www.youtube.com; report-to ot-reporter; report-uri https://xtvenwskmk.execute-api.us-east-1.amazonaws.com/infosec; 1
object-src 'none';base-uri 'self';script-src 'nonce-YWotoA4_DiiucjGZuUnWmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jIcOW4cny72kiPhOyv4HPA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uILskTY6csi18Crh6S_fKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-86O6PIOXxRfRPsrkllclwQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'report-sample'; style-src * 'unsafe-inline'; frame-ancestors *; report-uri https://www.merton.gov.uk/report-uri/reportOnly 1
font-src *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.doubleclick.net/ *.paypal.com *.vimeo.com *.demdex.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com *.mailchimp.com gallery.mailchimp.com *.gstatic.com *.google.com *.google.it *.googleapis.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.vimeo.com *.googletagmanager.com *.paypal.com *.paypalobjects.com *.demdex.net *.amazonaws.com *.swagger.io *.ytimg.com *.doubleclick.net *.magentocommerce.com *.adobe.com  *.everesttech.net *.omtrdc.net *.adobedtm.com *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.adobedtm.com *.googleadservices.com *.google.com *.doubleclick.net *.googletagmanager.com *.paypal.com *.paypalobjects.com *.googleapis.com *.vimeo.com *.chimpstatic.com *.mailchimp.com *.addthis.com *.bing.com *.hotjar.com *.facebook.net *.iubenda.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.iubenda.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.demdex.net *.omtrdc.net *.google-analytics.com *.googleadservices.com *.google.com *.googletagmanager.com *.vimeo.com *.paypal.com *.paypalobjects.com *.zdassets.com *.googleapis.com *.youtube.com https://maps.googleapis.com https://fonts.googleapis.com *.doubleclick.net *.hotjar.com *.iubenda.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.cloudinary.com www.google.com adservice.google.com *.clarity.ms *.gstatic.com ariane.abtasty.com *.tawk.to cdn.jsdelivr.net vc.hotjar.io loader.wisepops.com try.abtasty.com *.googleapis.com unpkg.com region1.analytics.google.com *.facebook.net cdn.seopa.com analytics.google.com region1.google-analytics.com *.googleusercontent.com www.google-analytics.com *.doubleclick.net bat.bing.com dcinfos-cache.abtasty.com wisepops.net *.googleadservices.com static.addtoany.com www.googletagmanager.com www.google.co.uk cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; style-src 'self'; script-src 'self' 1
img-src https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ 'self' https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicstream.s3.amazonaws.com/UNIFORMLAWS/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
frame-ancestors 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action https://3dsgate.borica.bg/ secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-src td.doubleclick.net player.flipsnack.com/ fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; connect-src app.avada.io www.google-analytics.com stats.g.doubleclick.net/j/ region1.analytics.google.com maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true maps.googleapis.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://www.google-analytics.com *.google-analytics.com analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; script-src 'self' app.avada.io connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com i.adwise.bg static.hotjar.com https://script.hotjar.com/ https://www.google.com/ https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.apptrian.com www.facebook.com graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: www.google.com www.google.bg maps.googleapis.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.gstatic.com *.facebook.com *.reddit.com 'self' 'unsafe-inline'; style-src fonts.googleapis.com temax.bg getfirebug.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com perf-na1.hsforms.com *.tiktok.com *.googleapis.com www.google.com f.hubspotusercontent00.net api.pushio.com *.hubspot.com images.ctfassets.net *.googlesyndication.com *.dynatrace.com *.windows.net *.googleadservices.com vc.hotjar.io *.doubleclick.net formulariosseguros-pco-prd.azurewebsites.net js-agent.newrelic.com app-digitalgate-prd-ol.azurewebsites.net analytics.google.com www.youtube.com landscape.puntoscolombia.com pco-web-back-prod.puntoscolombia.com *.qualtrics.com secureforms-pco.onelinkbpo.com metrics.hotjar.io adservice.google.com *.vteximg.com.br *.hotjar.com bam.nr-data.net www.google.com.co *.azure-api.net *.facebook.net *.clarity.ms videos.ctfassets.net assets.adobedtm.com *.azureedge.net *.gstatic.com *.facebook.com digitalgatelogqueueingprd.azurewebsites.net landing.puntoscolombia.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: cdn.jsdelivr.net assets.obi.si 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://lapp.leanpay.hr https://app.leanpay.hr https://stage-app.leanpay.si https://app.leanpay.si https://stage-app.leanpay.ro https://vendor.leanpay.ro *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com cdn.jsdelivr.net assets.obi.si www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.jsdelivr.net assets.obi.si js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net assets.obi.si unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.adyen.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: 1
default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hsadspixel.net https://js.hs-banner.com https://*.hs-analytics.net https://js.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://website-assets.atlan.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleoptimize.com https://*.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://ajax.googleapis.com https://unpkg.com https://embedsocial.com https://platform.twitter.com http://*.ads-twitter.com https://cdn.syndication.twimg.com https://static.ads-twitter.com https://*.clarity.ms https://bat.bing.com https://ipgeolocation.abstractapi.com https://platform.linkedin.com https://snap.licdn.com https://*.quora.com https://*.zi-scripts.com https://*.zoominfo.com https://player.vimeo.com https://f.vimeocdn.com https://*.vimeocdn.com https://*.salesloft.com https://*.demandbase.com https://*.company-target.com https://cdn.dreamdata.cloud https://www.redditstatic.com https://cdn.seersco.com https://*.sibforms.com https://connect.facebook.net https://*.facebook.com  https://www.youtube.com https://s.ytimg.com https://js.blazeverify.com https://js.emailable.com/v1 https://www.gartner.com https://gartner.com *.crazyegg.com https://*.calendly.com https://cdnjs.cloudflare.com https://cloudflare.com https://static.cloudflareinsights.com https://cdn.rollbar.com https://*.rollbar.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; object-src 'none'; worker-src blob:;report-uri https://o414173.ingest.sentry.io/api/4504910634549248/security/?sentry_key=4f6f1ccbe8e748aa8e60fb638de23b37;     report-to csp-endpoint 1
font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com flagpedia.net https://t.teads.tv https://p.teads.tv data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com https://global.sunbrella.com https://cdn.b0e8.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://t.teads.tv https://p.teads.tv *.clarity.ms *.convertexperiments.com *.tiktok.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com maps.googleapis.com https://global.sunbrella.com https://cdn.b0e8.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://t.teads.tv https://p.teads.tv *.clarity.ms *.convertexperiments.com *.tiktok.com *.bing.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-7zKrN5TyNveCDBtgGHwvoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com data: *.klarnacdn.net *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.klarna.com https://www.googletagmanager.com/ *.trustpilot.com *.yotpo.com *.ingrid.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.gstatic.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.trustpilot.com *.yotpo.com *.ingrid.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.trustpilot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com https://helloretailcdn.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://*.frizbit.com/ https://*.googleapis.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self https://*.frizbit.com/ https://*.googleapis.com/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.bitrix24.es *.facebook.net 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.doubleclick.net/ https://*.frizbit.com/ https://*.googleapis.com/ https://rum-static.pingdom.net/ https://11469910.fls.doubleclick.net/ https://www.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.facebook.com *.bitrix24.es *.facebook.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://kalicr.com https://www.google.co.cr/ https://*.frizbit.com/ https://*.googleapis.com/ https://11469910.fls.doubleclick.net/ *.google.com *.facebook.com https://connect.facebook.net/ https://www.tiendasekono.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.syteapi.com *.facebook.net *.google.co.cr *.bitrix24.es *.tiendasekono.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://cdn.frizbit.com/ https://*.frizbit.com/ https://*.googleapis.com/ https://rum-static.pingdom.net/ *.smartlook.com/ *.facebook.com https://www.gstatic.com/ https://www.google.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.syteapi.com *.bitrix24.es *.pingdom.net *.facebook.net *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://*.frizbit.com/ https://*.googleapis.com/ *.fontawesome.com unsafe-inline assets.braintreegateway.com *.bitrix24.es 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io https://googletagmanager.com/ https://www.googletagmanager.com/ https://*.doubleclick.net/ data: https://*.frizbit.com/ https://*.googleapis.com/ https://manager.eu.smartlook.cloud/ https://rum-collector-2.pingdom.net/ https://analytics.google.com/ https://www.yotpo.com/ https://bam.nr-data.net/ https://stats.g.doubleclick.net/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com syteapi.com *.syteapi.com *.facebook.com *.pingdom.net *.bitrix24.es *.facebook.net *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.ekomiapps.de *.bootstrapcdn.com *.azureedge.net data: oct8necdneu.azureedge.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.demdex.net *.pinterest.com *.facebook.com *.oct8ne.com *.googlesyndication.com *.vimeo.com *.cookiebot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com *.ekomiapps.de *.xtistore.com *.bing.com *.google.com *.google.es *.azureedge.net *.googletagmanager.com *.pinterest.com *.facebook.com *.doubleclick.net *.google.com.br *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com *.ekomiapps.de *.connectif.cloud cdn.connectif.cloud *.newrelic.com *.nr-data.net *.bing.com *.oct8ne.com *.g.doubleclick.net *.pinimg.com *.facebook.net *.tiktok.com *.googlesyndication.com *.cloudflare.com polyfill.io *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.cookiebot.com *.adyen.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.ekomiapps.de *.bootstrapcdn.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.ekomiapps.de *.ekomi.com *.nr-data.net *.doubleclick.net *.oct8ne.com *.google-analytics.com *.connectif.cloud *.pinterest.com *.tiktok.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.g.doubleclick.net *.adyen.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-XjAu4pQ6qqyC-wlyP1UsCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://cse.google.com/ https://www.eventbrite.com/ https://apply.ciis.edu https://apply-ciis-edu.cdn.technolutions.net/ https://slate-technolutions-net.cdn.technolutions.net/ https://fw.cdn.technolutions.net/ https://bbox.blackbaudhosting.com/ https://mx.technolutions.net/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://payments.blackbaud.com/ https://www.gstatic.com/ apply.ciis.edu https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.google.com/ https://cse.google.com/ https://www.eventbrite.com/ https://apply.ciis.edu https://apply-ciis-edu.cdn.technolutions.net/ https://slate-technolutions-net.cdn.technolutions.net/ https://fw.cdn.technolutions.net/ https://bbox.blackbaudhosting.com/ https://mx.technolutions.net/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://payments.blackbaud.com/ https://www.gstatic.com/ apply.ciis.edu https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://use.typekit.net/ https://p.typekit.net/ https://www.google.com/ https://www.eventbrite.com/ https://apply.ciis.edu https://apply-ciis-edu.cdn.technolutions.net/ https://slate-technolutions-net.cdn.technolutions.net/ https://fw.cdn.technolutions.net/ https://bbox.blackbaudhosting.com/ https://mx.technolutions.net/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://payments.blackbaud.com/ https://www.gstatic.com/ cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' https://www.eventbrite.com/ https://apply.ciis.edu https://apply-ciis-edu.cdn.technolutions.net/ https://slate-technolutions-net.cdn.technolutions.net/ https://fw.cdn.technolutions.net/ https://bbox.blackbaudhosting.com/ https://mx.technolutions.net/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://payments.blackbaud.com/ https://www.gstatic.com/ 1
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://chemkap.rivm.nl https://app.powerbi.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/  https://apps.rivm.nl https://chemkap.rivm.nl https://*.mopinion.com ; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://app.powerbi.com/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://*.mopinion.com; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data:  http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/  https://service.pdok.nl/ https://data.rivm.nl/  https://*.openstreetmap.org/ https://chemkap.rivm.nl; frame-src 'self' https://cibrapportage.rivm.nl https://esp-ext.rivm.nl https://login-ext.rivm.nl https://chemkap.rivm.nl https://www.infectieradar.nl https://app.powerbi.com; frame-ancestors 'self' https://www.atlasleefomgeving.nl https://*.gezondeleefomgeving.nl https://*.woondossier.nl/ https://roosendaal.incijfers.nl https://*.nhnieuws.nl https://chemkap.rivm.nl https://www.infectieradar.nl; child-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/  https://app.powerbi.com; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://*.mopinion.com https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ data: ; connect-src 'self' https://mebi.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://acc-api.rivm.nl https://api.rivm.nl/ https://api.pdok.nl/* https://*.mopinion.com; report-uri /report-csp-violation 1
object-src 'none';base-uri 'self';script-src 'nonce-Ok0rvIVpSmHbINMTVhTiww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.yotpo.com *.googleapis.com https://maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com https://www.facebook.com/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com https://*.google.com *.doubleclick.net https://www.facebook.com/ account.fetchify.com *.yotpo.com https://youtu.be https://vars.hotjar.com/ https://c.paypal.com https://surveymonkey.com/ https://bam-cell.nr-data.net https://widget.trustpilot.com https://tst.kaptcha.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.yotpo.com *.gstatic.com *.google.co.uk https://www.googletagmanager.com https://www.tag4arm.com https://bat.bing.com https://services.postcodeanywhere.co.uk https://ct.pinterest.com https://b.stats.paypal.com https://dub.stats.paypal.com https://c.paypal.com https://secure.surveymonkey.com/ https://www.foliosociety.com https://staging.foliosociety.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.yotpo.com https://thefo11129.pcapredict.com https://polyfill.io https://api.usersnap.com https://js-agent.newrelic.com https://bam.nr-data.net https://bat.bing.com https://www.tag4arm.com https://*.gstatic.com https://services.postcodeanywhere.co.uk https://r1-1.trackedweb.net https://r1-t.trackedlink.net https://static.trackedweb.net https://s.pinimg.com https://static.hotjar.com https://js.braintreegateway.com https://c.paypal.com https://widget.surveymonkey.com/ https://bam-cell.nr-data.net https://static.cloudflareinsights.com https://www.gstatic.com https://widget.trustpilot.com https://paperplaneslive.com https://mczbf.com https://sjwoe.com https://cj.dotomi.com https://emjcd.com https://idsync.rlcdn.com https://*.cj.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.klevu.com *.ksearchnet.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.ometria.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com cc-cdn.com *.yotpo.com https://maxcdn.bootstrapcdn.com https://services.postcodeanywhere.co.uk unsafe-inline assets.braintreegateway.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.google-analytics.com *.facebook.com *.facebook.net api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.yotpo.com *.doubleclick.net https://services.postcodeanywhere.co.uk https://bam.nr-data.net https://r1.trackedweb.net https://ct.pinterest.com https://origin-analytics-sand.sandbox.braintree-api.com https://payments.sandbox.braintree-api.com https://bat.bing.com https://in.hotjar.com https://www.paypal.com https://www.tag4arm.com https://bam-cell.nr-data.net https://widget.trustpilot.com https://paperplaneslive.com https://mczbf.com https://sjwoe.com https://cj.dotomi.com https://emjcd.com https://idsync.rlcdn.com https://*.cj.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.ometria.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.braintreegateway.com *.paypal.com https://surveymonkey.com/ https://secure.surveymonkey.com/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net *.googlesyndication.com www.google.com *.azureedge.net www.googletagmanager.com *.doubleclick.net adservice.google.com test.df-controltower.mycampari.com www.google-analytics.com ajax.aspnetcdn.com df-controltower.mycampari.com www.campari.com region1.google-analytics.com consent.cookiebot.com consentcdn.cookiebot.com imgsct.cookiebot.com analytics.google.com region1.analytics.google.com *.dynamics.com www.google.de ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-135a5fad06a44af3ab0c0d4b8f72b018' https://www.myplannedparenthoodchart.org 'self';img-src https://* 'self' blob: data:;style-src https://www.myplannedparenthoodchart.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
default-src 'self' *.nscc.ca; img-src 'self' *.nscc.ca *.gstatic.com *.fontawesome.com *.google.ca *.google.com www.google-analytics.com app.careerbeacon.com s3.amazonaws.com syndication.twitter.com www.facebook.com *.monsido.com data: www.googletagmanager.com maps.googleapis.com https://ad.doubleclick.net https://px.ads.linkedin.com/ https://www.linkedin.com/px/ https://i.ytimg.com/vi_webp/; font-src 'self' *.nscc.ca *.fontawesome.com *.googleapis.com *.gstatic.com cdn.kendostatic.com data:; style-src 'self' *.nscc.ca *.fontawesome.com *.googleapis.com *.google.com app.simplycast.ca widget.alongside.com cdn.kendostatic.com kendo.cdn.telerik.com tags.srv.stackadapt.com www.googletagmanager.com static-assets-ca.libanswers.com https://kendo.cdn.telerik.com 'unsafe-inline'; script-src 'self' *.nscc.ca *.google.com *.googleapis.com *.gstatic.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com app.simplycast.ca *.youtube.com widget.alongside.com platform.twitter.com lgapi-ca.libapps.com islpronto.islonline.net ca.libraryh3lp.com api3-ca.libcal.com cdn.kendostatic.com *.monsido.com *.crazyegg.com connect.facebook.net tags.srv.stackadapt.com js.adsrvr.org blob: static-assets-ca.libanswers.com https://jsonip.com https://server402.islonline.net/live/islpronto https://code.jquery.com/jquery-3.7.0.min.js https://cdn.kendostatic.com/2023.3.1010/js/* https://kendo.cdn.telerik.com https://qvdt3feo.com/events.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://analytics.tiktok.com/i18n/pixel/events.js https://analytics.tiktok.com/i18n/pixel/static/ 'unsafe-inline'; connect-src 'self' *.nscc.ca www.google-analytics.com csp.withgoogle.com ka-p.fontawesome.com kit.fontawesome.com api3-ca.libcal.com *.crazyegg.com tags.srv.stackadapt.com *.monsido.com analytics.google.com stats.g.doubleclick.net maps.googleapis.com https://px.ads.linkedin.com/ https://px.ads.linkedin.com/wa/ https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act; frame-src 'self' *.youtube.com *.google.com syndication.twitter.com platform.twitter.com ca.libraryh3lp.com *.fls.doubleclick.net insight.adsrvr.org cckc.airtime.pro www.facebook.com https://player.vimeo.com https://td.doubleclick.net https://app.simplycast.ca https://match.adsrvr.org/track/upb/*; frame-ancestors 'self' *.nscc.ca:*; 1
block-all-mixed-content; default-src 'self'; img-src 'self' blob: data: https:; script-src 'self' 'strict-dynamic' 'unsafe-inline' cdnjs.cloudflare.com js.intercomcdn.com k0r92gxvnwz6.statuspage.io https:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com cdnjs.cloudflare.com cdn.jsdelivr.net embed.lpcontent.net; font-src 'self' data: https:; connect-src 'self' https: wss://*.intercom.io wss://*.pusher.com wss://*.ably.io wss://*.sessionstack.com; frame-src 'self' https:; media-src 'self' blob: data: https:; object-src 'self' *.amazonaws.com;; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubce2055812be5901b8d66c0f68cdc5bce&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=environment%3Aprod%2Cservice%3Asftptogo; 1
object-src 'none';base-uri 'self';script-src 'nonce-9_EMhQ-ZDcaMFNM2uFsRoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data: blob:; child-src 'self' https: blob:; connect-src 'self' *.paypal.com *.svc.dynamics.com *.dynamics.com *.w3.org *.getgo.com *.bizzabo.com *.pheedloop.com *.bugsnag.com *.microsoft.com https://unpkg.com google.com *.google.com *.geolocation.onetrust.com *.onetrust.com *.linkedin.oribi.io *.oribi.io *.adroll.com *.clickdimensions.com *.cookielaw.org *.cloudflare.com *.facebook.net *.facebook.com *.googleapis.com *.typekit.net *.gstatic.com *.doubleclick.net *.twimg.com *.polyfill.io *.linkedin.com *.crazyegg.com *.licdn.com *.twitter.com *.google-analytics.com *.google.co.in *.googleadservices.com *.googletagmanager.com *.gstatic.com https://ml314.com *.company-target.com *.demandbase.com *.6sc.co; script-src  'unsafe-inline' 'unsafe-eval' 'self' *.azureedge.net *.bizzabo.com *.pheedloop.com *.bugsnag.com *.paypal.com *.w3.org *.getgo.com https://unpkg.com *.vimeo.com *.microsoft.com *.msecnd.net *.svc.dynamics.com *.dynamics.com *.brightcove.net *.cloudfront.net *.googletagmanager.com *.fontawesome.com *.wistia.com *.nprapps.org google.com *.google.com *.adroll.com *.ads-twitter.com *.clickdimensions.com *.cookielaw.org *.cloudflare.com *.facebook.net *.googleapis.com *.typekit.net *.gstatic.com *.doubleclick.net *.twimg.com *.polyfill.io https://polyfill.io *.linkedin.com *.crazyegg.com *.licdn.com *.twitter.com *.google-analytics.com *.google.co.in *.googleadservices.com *.googletagmanager.com *.gstatic.com https://ml314.com *.buzzsprout.com *.blubrry.com *.company-target.com *.demandbase.com *.6sc.co; style-src 'self' https: 'unsafe-inline' *.svc.dynamics.com *.dynamics.com *.paypal.com https://organizer.bizzabo.com https://site.pheedloop.com https://sessions.bugsnag.com https://unpkg.com https://ml314.com *.blubrry.com;  worker-src  'self' blob:; 1
font-src https://fonts.gstatic.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.portmone.com.ua https://td.doubleclick.net/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://www.google.ca/pagead https://www.google.ca/pagead/1p-user-list/ https://www.google.ca/ads/ga-audiences www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com *.googletagmanager.com *.google-analytics.com www.portmone.com.ua https://connect.facebook.net https://www.google.ca/pagead/1p-user-list/ https://www.google.ca/ads/ga-audiences https://tools.luckyorange.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.openlayers.org/api/OpenLayers.js http://openlayers.org/api/OpenLayers.js cdn.bitrix24.ua yaposhka.bitrix24.ua 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com unsafe-inline cdn.bitrix24.ua yaposhka.bitrix24.ua 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googleadservices.com *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net gate.portmone.com.ua https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://stats.g.doubleclick.net https://tools.luckyorange.com https://settings.luckyorange.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com cdn.userway.org siteimproveanalytics.com www.google.com.pr www.recaptcha.net *.everesttech.net *.1firstbank.com www.googletagmanager.com *.googleapis.com analytics.google.com adservice.google.com *.omtrdc.net *.gstatic.com www.google.com api.userway.org *.siteimproveanalytics.io assets.adobedtm.com *.facebook.net cdn77.api.userway.org *.demdex.net *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com http://www.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com *.veritonicmetrics.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-KqwAA7wfw8hUyjoShbNelw==' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com http://www.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com *.veritonicmetrics.com; style-src 'self' 'unsafe-inline' *.typeform.com; connect-src 'self' https://consent.bumble.com http://www.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net *.veritonicmetrics.com; child-src 'self'; font-src 'self' data:; manifest-src 'self'; base-uri 'self'; frame-src 'self' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com http://www.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com *.veritonicmetrics.com; img-src * data: blob: www.googletagmanager.com; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=bumble_team_site&env=production; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' bam-cell.nr-data.net browser-update.org ekr.zdassets.com fonts.googleapis.com fonts.gstatic.com js-agent.newrelic.com maxcdn.bootstrapcdn.com multimedia.email.darkhorse.com *.tfaw.com static.zdassets.com tfaw.zendesk.com widget-mediator.zopim.com www.email.tfaw.com www.tfaw.com bam.nr-data.net js.stripe.com maps.googleapis.com www.gstatic.com www.google.com *.zendesk.com *.zopim.com *.static.zdassets.com c.tvpixel.com www.google-analytics.com connect.facebook.net www.googletagmanager.com www.dwin1.com unpkg.com commerce.adobedtm.com magento-recs-sdk.adobe.net www.googleadservices.com tpc.googlesyndication.com ssl-google-analytics.com translate.googleapis.com translate-pa.googleapis.com account.shareasale.com https://unpkg.com https://commerce.adobedtm.com https://magento-recs-sdk.adobe.net; report-uri /.webscale/csp-report 1
default-src https:; font-src https: data:; style-src 'unsafe-inline' https:; object-src 'self';connect-src https: wss:; script-src 'nonce-byq4cGi0hh61IOe0+brVXdR9vJYvyE9Tj3UZsz5yvz8=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; img-src https: data:; report-uri /webhooks/csp-log/create 1
default-src https:;
    script-src https: 'unsafe-eval' 'unsafe-inline';
    style-src https: 'unsafe-inline';
    img-src https: data:;
    font-src https: data:;
    report-uri /csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.pinterest.com cdn.cookielaw.org display.popt.in *.arcgis.com maxmind.destinilocators.com cdnjs.cloudflare.com *.facebook.net *.hubspot.com *.adsrvr.org js.hsleadflows.net *.googleapis.com *.bazaarvoice.com www.google-analytics.com lets.shop vc.hotjar.io cdn.popt.in *.hotjar.com api.hubapi.com js.hs-banner.com *.onetrust.com perf.hsforms.com adservice.google.com js.hscta.net hlc7l6v5w6.execute-api.us-west-2.amazonaws.com www.googletagmanager.com js.hs-scripts.com *.pinimg.com js.hs-analytics.net www.stonyfield.com js.hsadspixel.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; font-src 'self' data:; img-src 'self' data:; script-src 'self'; style-src 'self'; report-uri https://teratorium.uriports.com/reports/report; report-to default 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' https://www.google.com https://www.gstatic.com https://api.sandbox.braintreegateway.com https://api.braintreegateway.com https://browser-update.org https://cdn.jsdelivr.net https://fonts.googleapis.com https://widget.freshworks.com https://chart.googleapis.com; font-src *; form-action 'self'; report-uri /API/csp-report.php 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-qilU9s97Z05moMw67/E8+g=='; report-uri https://send.hsbrowserreports.com/csp/report; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=d45ec172-021d-4dc2-a63c-adff73716997; report-to csp-endpoint; frame-ancestors 'none' 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.retailrocket.net landofcoder.com *.mercadolibre.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.retailrocket.net landofcoder.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.mlstatic.com *.mercadopago.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.retailrocket.net *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src *.retailrocket.net landofcoder.com 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com *.retailrocket.net landofcoder.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://www.google.com https://www.google.tn 'unsafe-inline' 'unsafe-eval' https://cdn.tagcommander.com/ https://cdn.trustcommander.net/ https://tag.aticdn.net/ https://cdnjs.cloudflare.com/ https://assets.bouyguestelecom.fr https://embed.binkies3d.com https://az589851.vo.msecnd.net/ https://www.googletagmanager.com https://bat.bing.com https://snap.licdn.com/ https://dynamic.criteo.com/ https://www.google-analytics.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://sslwidget.criteo.com https://solutions.bouyguestelecom-entreprises.fr/analytics https://pi.pardot.com https://halc.iadvize.com https://connect.facebook.net https://c.amazon-adsystem.com https://player.ausha.co https://newsharecounts.s3-us-west-2.amazonaws.com 'self'; img-src 'self' * data: blob: https://trusted.cdn.com https://assets.bouyguestelecom.fr https://www.bouyguestelecom-entreprises.fr https://bouyguestelecomentreprises.commander1.com/ https://az589851.vo.msecnd.net/ https://px.ads.linkedin.com https://bat.bing.com https://www.google-analytics.com https://www.google.com https://www.google.tn https://www.googletagmanager.com https://ad.doubleclick.net; font-src 'self' https://assets.bouyguestelecom.fr https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://www.youtube.com https://8940903.fls.doubleclick.net/ https://fledge.eu.criteo.com/ https://gum.criteo.com/ https://td.doubleclick.net/; style-src 'self' 'unsafe-inline' https://assets.bouyguestelecom.fr https://fonts.googleapis.com https://use.fontawesome.com; media-src 'self' blob:; object-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; block-all-mixed-content; worker-src blob:; connect-src 'self' https://logws1361.ati-host.net https://embed.binkies3d.com https://binkiesproductionweu.servicebus.windows.net https://az589851.vo.msecnd.net; 1
default-src 'self'; connect-src *; font-src data: *; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; report-uri https://csp-reports.firmseek.com/hodgsonruss; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.googleapis.com *.googletagmanager.com *.google.com *.fontawesome.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.google.com *.googletagmanager.com *.googleapis.com *.facebook.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.googletagmanager.com *.facebook.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io www.apptrian.com store.paradoxlabs.com *.google.com *.google.co.in https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.apptrian.com *.authorize.net *.braintreegateway.com *.paypal.com *.mouseflow.com localmenu.katzsdelicatessen.com *.addthis.com *.noibu.com *.avada.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.net *.fontawesome.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.google.com *.klaviyo.com *.fontawesome.com https://static.klaviyo.com *.gstatic.com assets.braintreegateway.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io www.apptrian.com  *.google-analytics.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.klaviyo.com *.report-uri.com *.noibu.com wss://*.noibu.com https://get.geojs.io *.avada.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.google-analytics.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.report-uri.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://katzsdelicatessen.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-0K1No9VJbfyIOsp8gTMCJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IplfxOQRz-7AN_GL_v4qXw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' bam.nr-data.net js-agent.newrelic.com tags.srv.stackadapt.com snap.licdn.com connect.facebook.net www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net translate.googleapis.com prod.ally.ac a.omappapi.com a.opmnstr.com yoda.unifyed.com www.googleadservices.com js.adsrvr.org translate.google.com cdn01.basis.net translate-pa.googleapis.com cdn.gtranslate.net tags.srv.stackadapt.com *.google.com; style-src 'self' 'unsafe-inline' cloud.typography.com tags.srv.stackadapt.com a.omappapi.com prod.ally.ac translate.googleapis.com fonts.gstatic.com fonts.googleapis.com www.gstatic.com; img-src 'self' my.unifyed.com px.ads.linkedin.com www.gstatic.com www.facebook.com www.google.com pixel.sitescout.com www.google-analytics.com i.ytimg.com i.vimeocdn.com translate.google.com translate.googleapis.com fonts.gstatic.com ad.doubleclick.net manageimages-prod.s3.amazonaws.com data:; frame-src 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; frame-ancestors 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; child-src 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; font-src 'self' themes.googleusercontent.com fonts.gstatic.com; connect-src 'self' cloud.typography.com tags.srv.stackadapt.com api.omappapi.com prod.ally.ac translate.googleapis.com yoda.unifyed.com www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net play.google.com www.facebook.com https://px.ads.linkedin.com/wa/; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-901b5daedae74ecd8a01c21d630139b5' https://www.mybassetthealthconnection.org 'self';img-src https://* 'self' blob: data:;style-src https://www.mybassetthealthconnection.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-L-MgGCzsiOe6JTzcf5WPqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: https://tbs.tradedoubler.com:* https://s7g10.scene7.com:* https://stenaline.se:*; script-src 'unsafe-inline' https://bat.bing.com:* https://googleads.g.doubleclick.net:* https://acrobatservices.adobe.com:* https://cdn.cookielaw.org:* https://cdn.mouseflow.com:* https://documentservices.adobe.com:* https://www.google-analytics.com:* https://www.googletagmanager.com:* https://www.stenaline.se/etc.clientlibs:* https://www.stenaline.se:* https://connect.facebook.net:* https://messenger.ebilobster.ai:* https://*.stenaline.com:* https://stenaline.com:* https://assets.adobedtm.com:*; img-src data: https: https://s7g10.scene7.com:*; style-src 'self' 'unsafe-inline' https://acrobatservices.adobe.com:* https://*.stenaline.com:* https://stenaline.com:* https://stenaline.se:*; object-src 'none' 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src self https://www.google.com https://www.gstatic.com; style-src 'self';frame-src self https://www.google.com https://www.gstatic.com;frame-ancestors 'self' 1
report-to slardar-endpoint; script-src 'self' 'unsafe-eval' 'report-sample' 'nonce-a72bd6909765aa4ed8a212872c268770-argus' 'strict-dynamic' *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com blob: 'wasm-unsafe-eval' data:; connect-src 'self' *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.douyinvod.com:* *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com *.ulikecam.com *.capcut.cn *.bytedanceapi.com *.google-analytics.com blob: wss: *.baidu.com *.qnqcdn.net:* *.weilayun.com:* *.saxysec.com:* *.saxyit.com:* *.saxydc.com:* *.sjxysec.com:* *.sjxydc.com:* *.hiecheimaetu.com:* *.ppio.cloud:* *.vegslb.com:* *.xsj.wasu.tv:* *.zebracdn.com:* *.volctranscdn.com:* *.hizhecheng.com:*; frame-ancestors 'self'; upgrade-insecure-requests ; 1
default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net *.googletagmanager.com *.zdassets.com cdn.brcdn.com *.googleapis.com *.google-analytics.com *.google.com *.trustpilot.com *.newrelic.com bam.nr-data.net *.amazonaws.com *.jquery.com fonts.fontawesome.com fonts.gstatic.com use.fontawesome.com sarnova-dev.s3.amazonaws.com *.akstat.io 1
default-src 'self' https://uplearn.co.uk https://*.uplearn.co.uk; form-action 'none'; frame-ancestors 'none'; report-to csp-reports; report-uri https://699d990dec5efb4f79a80290e440963f.report-uri.com/r/d/csp/wizard 1
font-src  *.criteo.net *.zip.co *.iyzipay.com *.gstatic.com *.cloudfront.net *.zipmoney.com.au *.zip.co *.zoovu.com *.checkout.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.cloudfront.net *.adyen.com *.euw2.pure.cloud *.salecycle.com *.tradedoubler.com *.brightcove.net *.demdex.net 'self' 'unsafe-inline';img-src *.bazaarvoice.com *.dyson.vn *.facebook.com *.dysoncanada.ca *.dyson.com.ee *.afterpay.com *.google.co.in *.google.com *.demdex.net *.everesttech.net *.zipmoney.com.au *.yahoo.net *.zip.co *.adyen.com *.euw2.pure.cloud *.assetsadobe2.com *.mktgcdn.com *.zip.co *.googletagmanager.com *.amazonaws.com *.dyson.com.ro *.adobe.com *.google-analytics.com *.riskified.com *.googletagmanager.com *.omtrdc.net *.zoovu.com *.doubleclick.net *.brightcove.com *.boltdns.net data: 'self' 'unsafe-inline';script-src https://mt.adobe.launch.script.test.js/ *.afterpay.com *.dyson.com.ro *.queue-it.net *.zipmoney.com.au *.cloudfront.net *.dyson.com *.zip.co *.boldchat.com *.newrelic.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.bazaarvoice.com *.optimizely.com *.nr-data.net *.newrelic.com *.euw2.pure.cloud *.omtrdc.net *.googletagmanager.com *.go-mpulse.net *.zencdn.net *.doubleclick.net *.facebook.net *.google-analytics.com *.brightcove.net *.s3.amazonaws.com *.salecycle.com *.zoovu.com *.afterpay.com *.zipmoney.com.au *.zip.co *.riskified.com blob: 'self' 'unsafe-inline' 'unsafe-eval';style-src *.zip.co *.googleapis.com *.optimizely.com *.zip.co *.checkout.com *.zoovu.com 'self' 'unsafe-inline';object-src *.euw2.pure.cloud 'self' 'unsafe-inline';child-src *.euw2.pure.cloud blob: 'self' 'unsafe-inline';media-src *.s3.amazonaws.com *.cloudfront.net *.assetsadobe.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src *.bazaarvoice.com wss://websocket.bold360.com *.akstat.io *.dyson.com.ee *.googleapis.com *.cloudfront.net *.googleadservices.com *.zipmoney.com.au *.zip.co *.adyen.com *.google.com *.nr-data.net *.amazonaws.com *.pure.cloud *.newrelic.com wss://webmessaging.euw2.pure.cloud *.googletagmanager.com *.go-mpulse.net *.doubleclick.net *.facebook.net *.brightcove.net *.s3.amazonaws.com *.salecycle.com *.google-analytics.com *.demdex.net *.omtrdc.net *.zoovu.com *.cloudfront.net *.zipmoney.com.au *.zip.co *.riskified.com *.brightcove.com *.boltdns.net *.akamaihd.net 'self' 'unsafe-inline';base-uri 'self' 'unsafe-inline'; 1
font-src https://*.mailcampaigns.nl https://widgets.trustedshops.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com www.google.com https://*.hotjar.com https://*.doubleclick.net *.weltpixel.com https://maps.google.com/ *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com https://*.bing.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.google.nl https://*.google.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.chromeburner.test blob: https://*.chromeburner.com https://*.chromeburner.nl https://*.hotjar.com https://*.mailcampaigns.nl *.cloudfront.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com *.multisafepay.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.bing.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.webgains.io https://*.clarity.ms https://*.facebook.net https://*.googleadservices.com https://*.doubleclick.net https://*.chromeburner.test https://*.chromeburner.com https://*.chromeburner.nl https://*.hotjar.com https://*.mailcampaigns.nl analytics.tiktok.com cdn.flbx.io *.getflowbox.com widget.freshworks.com m2epro.freshdesk.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.googletagmanager.com tagmanager.google.com *.multisafepay.com https://pay.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.mailcampaigns.nl widget.freshworks.com m2epro.freshdesk.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://*.bing.com https://*.doubleclick.net https://*.google.com https://*.google.nl https://pagead2.googlesyndication.com https://*.clarity.ms https://*.chromeburner.test https://*.chromeburner.com https://*.chromeburner.nl https://*.googletagmanager.com https://*.hotjar.com https://*.google-analytics.com https://*.mailcampaigns.nl analytics.tiktok.com cdn.flbx.io *.getflowbox.com widget.freshworks.com m2epro.freshdesk.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://www.google-analytics.com *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-p-o_W8FIl_oIeMpP7edW9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qGYSINtJbgkrV448b1XGow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https: data: 'unsafe-inline';report-uri https://agrian.com/global/csp_report/ 1
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 1
font-src *.googleapis.com *.gstatic.com 'self' data: oct8necdneu.azureedge.net *.fontawesome.com *.punchout2go.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.iadvize.com *.reskyt.com https://*.iadvize.com wss://*.iadvize.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.punchout2go.com 'self' data: *.twitter.com *.facebook.com vendedoreswurth.aclonline.es *.reskyt.com https://*.iadvize.com wss://*.iadvize.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com *.tradecentric.com 'self' 'unsafe-inline'; frame-ancestors *.punchout2go.com 'self' data: 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com youtube.com *.youtube-nocookie.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.vimeo.com *.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.punchout2go.com *.twitter.com *.google.com *.iadvize.com *.addtoany.com *.facebook.com *.reskyt.com https://*.iadvize.com wss://*.iadvize.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.punchout2go.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.iadvize.com *.doubleclick.net *.facebook.com *.cookielaw.org *.magentocommerce.com *.wuerth.com vendedoreswurth.aclonline.es wurth.aclonline.es cdn.connectif.cloud *.reskyt.com https://*.iadvize.com wss://*.iadvize.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com media.witglobal.net media.wuerth.com https://*.clarity.ms https://*.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com polyfill.io *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.punchout2go.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.iadvize.com *.connectif.cloud *.addtoany.com *.cookielaw.org *.doubleclick.net *.facebook.net *.jsdelivr.net *.jquery.com *.reskyt.com https://*.iadvize.com wss://*.iadvize.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com https://*.clarity.ms *.newrelic.com *.nr-data.net *.onetrust.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com *.addtoany.com unsafe-inline assets.braintreegateway.com *.punchout2go.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.iadvize.com *.jsdelivr.net *.reskyt.com https://*.iadvize.com wss://*.iadvize.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.punchout2go.com *.cloudflare.com *.twitter.com *.twimg.com *.cookielaw.org *.iadvize.com *.doubleclick.net *.analytics.google.com *.connectif.cloud *.facebook.com compliance.wurth.es *.reskyt.com https://*.iadvize.com wss://*.iadvize.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com *.wuerth.com https://*.clarity.ms *.newrelic.com *.nr-data.net *.onetrust.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.whisbi.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es tr.snapchat.com connect.facebook.net *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.google.com *.doubleclick.net *.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es tr.snapchat.com open.spotify.com *.facebook.net *.iadvize.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com tr.snapchat.com *.storyblok.com *.placeholder.com px.ads.linkedin.com *.whisbi.com t.co *.iadvize.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com js-agent.newrelic.com bam.nr-data.net script.crazyegg.com snap.licdn.com static.ads-twitter.com sc-static.net track.adform.net *.whisbi.com www.google.fr sdk.privacy-center.org *.adform.net analytics.twitter.com *.iadvize.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.whisbi.com *.iadvize.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es script.crazyegg.com bam.nr-data.net tracking.crazyegg.com *.whisbi.com *.iadvize.com wss://*.iadvize.com wss://*.twilio.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com https://viewer.ipaper.io https://ipaper.io *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ariba.com app.instapunchout.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.ariba.com app.instapunchout.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.youtube.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://api.mapbox.com maps.gstatic.com https://viewer.ipaper.io https://ipaper.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com applepay.cdn-apple.com maps.googleapis.com https://viewer.ipaper.io https://ipaper.io *.zdassets.com *.google.com *.gstatic.com *.relewise.com *.trustpilot.com *.jsdelivr.net https://www.creavea.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com applepay.cdn-apple.com https://viewer.ipaper.io https://ipaper.io *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://viewer.ipaper.io https://ipaper.io *.zdassets.com *.facebook.com *.relewise.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://nominatim.openstreetmap.org autocomplete2.postdirekt.de *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.relewise.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://viewer.ipaper.io https://ipaper.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com fonts.gstatic.com acsbapp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.snapchat.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.demdex.net/ www.facebook.com platform.twitter.com tst.kaptcha.com c.sandbox.paypal.com s7.addthis.com *.tieks.com *.snapchat.com *.doubleclick.net *.pinterest.com ssl.kaptcha.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.taboola.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com acsbap.com https://acsbapp.com/apps/app/dist/js/app.js z.moatads.com v1.addthisedge.com platform.twitter.com static.zdassets.com m.addthis.com s7.addthis.com *.zopim.com *.facebook.net *.pinimg.com *.yimg.com sc-static.net *.ads-twitter.com *.doubleclick.net *.newrelic.com *.nr-data.net *.adobedtm.com *.queue-it.net *.bing.com *.tiktok.com *.snapchat.com acsbapp.com *.pinterest.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com tieks.com *.tieks.com static.zdassets.com *.rackcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.taboola.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com wss://widget-mediator.zopim.com/ *.zendesk.com *.zdassets.com *.tieks.com cdn.acsbapp.com m.addthis.com maps.googleapis.com *.yimg.com *.pinterest.com *.snapchat.com *.doubleclick.net *.nr-data.net www.facebook.com bat.bing.com *.tiktok.com pagead2.googlesyndication.com *.google-analytics.com analytics.pangle-ads.com acsbapp.com *.acsbapp.com acsbap.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com imgsct.cookiebot.com tpg.hafas.cloud *.googleapis.com *.facebook.net www.google.fr consentcdn.cookiebot.com www.tpg.ch www.google.ch *.linkedin.com *.adnxs.com www.google.com *.facebook.com www.google-analytics.com *.doubleclick.net www.googletagmanager.com region1.analytics.google.com *.licdn.com adservice.google.com consent.cookiebot.com www.youtube.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
frame-ancestors 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba63db3f96a1d5bb789394101974def5f&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production 1
script-src 'self' https://bringthemhomenow.net https://ajax.googleapis.com https://tpc.googlesyndication.com https://cdn.ampproject.org https://fundingchoicesmessages.google.com https://apis.google.com https://www.google.com https://www.gstatic.com https://www.jumbomail.me https://pagead2.googlesyndication.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://cdn.taboola.com https://amplify.outbrain.com https://script.hotjar.com https://cdn.userway.org https://stats.g.doubleclick.net; report-uri https://api.jumbomail.me/csp-report-endpoint 1
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; media-src 'self' blob: ; font-src 'self' data: https: ; worker-src 'self' blob: ; 1
font-src  *.zip.co *.iyzipay.com *.zipmoney.com.au *.gstatic.com *.cloudfront.net *.checkout.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.cloudfront.net *.salecycle.com *.adyen.com *.boldchat.com *.tradedoubler.com *.google.com *.euw2.pure.cloud *.demdex.net *.brightcove.net 'self' 'unsafe-inline';img-src *.google.co.in *.googletagmanager.com *.dyson.com.sg  *.cookielaw.org *.zipmoney.com.au *.facebook.com *.doubleclick.net *.mktgcdn.com *.swarovski.com *.dyson.vn *.zip.co *.adyen.com *.demdex.net *.everesttech.net *.dyson.co.uk *.gstatic.com *.omtrdc.net *.euw2.pure.cloud *.afterpay.com *.assetsadobe2.com *.amazonaws.com *.adobe.com *.google-analytics.com *.riskified.com *.bazaarvoice.com *.dyson.sk *.dyson.com.tr data: 'self' 'unsafe-inline';script-src *.googletagmanager.com *.facebook.net *.queue-it.net *.cloudfront.net *.dyson.com *.tradedoubler.com *.salecycle.com https://mt.adobe.launch.script.test.js/ *.zencdn.net *.optimalpeople.fr *.dynatrace.com *.zipmoney.com.au *.zip.co *.google.com *.afterpay.com *.boldchat.com *.newrelic.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.bazaarvoice.com *.optimizely.com *.nr-data.net *.newrelic.com *.euw2.pure.cloud *.go-mpulse.net *.cookielaw.org *.brightcove.net *.nanorep.co *.jsdelivr.net *.amazonaws.com *.riskified.com blob: 'self' 'unsafe-inline' 'unsafe-eval';style-src *.zip.co *.googleapis.com *.optimizely.com *.amazonaws.com *.checkout.com 'self' 'unsafe-inline';object-src *.euw2.pure.cloud 'self' 'unsafe-inline';child-src *.euw2.pure.cloud blob: 'self' 'unsafe-inline';media-src *.brightcove.net *.dyson.com *.s3.amazonaws.com *.cloudfront.net *.assetsadobe.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src *.google.com *.dynatrace.com *.optimalpeople.fr *.euw2.pure.cloud *.akstat.io *.salecycle.com *.doubleclick.net *.google-analytics.com *.zipmoney.com.au *.zip.co *.adyen.com *.cloudfront.net *.nr-data.net *.amazonaws.com *.newrelic.com wss://webmessaging.euw2.pure.cloud *.bazaarvoice.com *.omtrdc.net *.cookielaw.org *.go-mpulse.net *.boldchat.com *.dyson.sk *.nanorep.co *.nanorep.com wss://websocket.bold360.com *.demdex.net *.riskified.com *.edq.com 'self' 'unsafe-inline';base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' ; img-src 'self' *.gaertner.de; frame-src 'self' https://www.openstreetmap.org ; font-src 'self' ; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
object-src 'none'; script-src 'self' https://cdn.iubenda.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-lWnYKGbhHQNLThFL09l8Ew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'report-sample' 'self' https://app-script.monsido.com/v2/monsido-script.js https://apps.usw2.pure.cloud/genesys-bootstrap/genesys.min.js https://connect.facebook.net/en_US/fbevents.js https://js.adsrvr.org/up_loader.1.1.0.js https://s.swiftypecdn.com/install/v2/st.js https://sc-static.net/scevent.min.js https://ssl.google-analytics.com/ga.js https://static.ads-twitter.com/uwt.js https://tr.snapchat.com/config/com/f46d0350-ae7f-4886-b620-b497a4d93c9f.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://capidashboard.ialottery.com https://tr.snapchat.com https://tr6.snapchat.com https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://10921257.fls.doubleclick.net https://apps.usw2.pure.cloud https://insight.adsrvr.org https://pixel-sync.sitescout.com https://tr.snapchat.com https://www.youtube.com; img-src 'self' https://analytics.twitter.com https://ssl.google-analytics.com https://t.co https://tracking.monsido.com https://www.facebook.com https://www.google.com; manifest-src 'self'; media-src 'self'; report-uri https://668597ef014602b312931fd2.endpoint.csper.io/?v=0; worker-src 'none'; 1
default-src 'self';  script-src 'report-sample' 'self' 'unsafe-inline' http://*.bing.com https://*.outbrain.com https://*.bing.com https://*.cdn.prismic.io https://*.clarity.ms https://*.cloudflare.com https://*.facebook.net https://*.g.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hubspot.com https://*.licdn.com https://*.matomo.cloud https://*.outbrain.com https://*.prismic.io https://*.survicate.com https://*.termsfeed.com https://*.tiktok.com https://*.usemessages.com https://*.usemessages.comversations-embed.js https://www.youtube.com/iframe_api;  style-src 'report-sample' 'self' 'unsafe-inline' https://*.gstatic.com https://*.survicate.com;  object-src 'none';  base-uri 'self';  connect-src 'self' http://*.outbrain.com https://*.ads.linkedin.com https://*.bing.com https://*.cdn.prismic.io https://*.clarity.ms https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hsforms.com https://*.hubapi.com https://*.hubspot.com https://*.iconify.design https://*.jobs.personio.de https://*.matomo.cloud https://*.outbrain.com https://*.simplesvg.com https://*.survicate.com https://*.tiktok.com https://*.unisvg.com https://*.yoummday.com https://google.com https://*.google.com https://*.google-analytics.com;  font-src 'self' data: https://*.survicate.com https://*.gstatic.com;  frame-ancestors 'self';  frame-src 'self' https://*.cloudflare.com https://*.doubleclick.net https://*.facebook.com https://*.prismic.io https://*.youtube.com https://*.zscaler.net;  img-src 'self' data: https://*.ads.linkedin.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google.ae https://*.google.al https://*.google.ba https://*.google.ch https://*.google.cl https://*.google.co.in https://*.google.co.th https://*.google.co.uk https://*.google.com https://*.google.com https://*.google.com.br https://*.google.com.eg https://*.google.com.mx https://*.google.com.ng https://*.google.com.py https://*.google.com.qa https://*.google.com.tr https://*.google.com.ua https://*.google.de https://*.google.fr https://*.google.ge https://*.google.mk https://*.google.rs https://*.google.sr https://*.google.tn https://*.google.co.ma https://*.google.me https://*.google.ca https://*.google.co.ve https://*.google.com.bd https://*.google.com.ec https://*.google.com.ph https://www.google.hn https://*.google.ca https://*.google.dz https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hsforms.com https://*.hubspot.com https://*.linkedin.com https://*.matomo.cloud https://*.prismic.io https://*.s3.amazonaws.com https://*.yoummday.com https://*.ytimg.com https://*.doubleclick.net;  manifest-src 'self';  media-src 'self';  report-uri https://66012b0877c15b585b4a4d0f.endpoint.csper.io?v=5;  worker-src 'none'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cognito-identity.eu-west-1.amazonaws.com sts.eu-west-1.amazonaws.com *.googleapis.com *.hotjar.com content.hotjar.io client.rum.us-east-1.amazonaws.com *.doubleclick.net www.barnet.gov.uk adservice.google.com surveystats.hotjar.io *.gstatic.com translate.google.com vc.hotjar.io app.meetami.ai account.barnet.gov.uk dataplane.rum.eu-west-1.amazonaws.com wss://chat.meetami.ai www.googletagmanager.com www.google.co.uk region1.analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: webpack-internal: webpack: https://*.calltouch.ru https://*.calltouch.net wss://ws.calltouch.ru https://ab-ct.ru https://*.addevent.com https://addevent.com https://*.adriver.ru push4site.com https://ads.betweendigital.com https://adservice.google.com https://*.ad.smaato.net https://*.analytics.google.com https://analytics.google.com https://an.yandex.ru https://anycomment.io https://api.enkod.ru https://api-maps.yandex.ru https://api.tomi.ai https://*.bidswitch.net https://bitrix.info https://*.botfaqtor.ru https://*.bumlam.com https://calltouchru.push4site.com https://cdn.accutics.net https://cdn.anycomment.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com/jquery-migrate-1.4.1.min.js https://connect.facebook.net https://const.uno https://*.digitaltarget.ru https://dm.hybrid.ai https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.hybrid.ai https://ib.adnxs.com https://*.integrations-hub.ru https://inv-nets.admixer.net https://leonardo.osnova.io https://linur.dj https://madte.st https://*.mail.ru https://manalyticshub.com https://match.new-programmatic.com/userbind https://mc.yandex.com https://mc.yandex.md https://mc.yandex.ru https://*.openx.net https://*.ops.beeline.ru https://pixel.onaudience.com https://push4site.com https://push4site.com https://redirect.frontend.weborama.fr https://scripts.witstroom.com https://secure.gravatar.com https://ssp.bestssp.com https://static.terratraf.io https://sync.bumlam.com https://tags.soloway.ru https://td.doubleclick.net https://tech.rtb.mts.ru https://*.tildacdn.com https://track.onef.pro https://*.turbotargeting.io https://unpkg.com/swiper@7/ https://us.ck-ie.com https://vk.com https://widget.anycomment.io https://www.1c-bitrix.ru https://www.googleadservices.com https://www.google-analytics.com https://www.google.by https://www.google.co.id https://www.google.com https://www.google.com.cy https://www.google.de https://www.google.me https://www.google.nl https://www.googleoptimize.com https://www.google.pt https://www.google.ru https://www.googletagmanager.com https://www.gstatic.com https://www.w3.org https://www.youtube-nocookie.com https://x01.aidata.io https://yandex.ru https://yastatic.net https://*.youtube.com https://*.ytimg.com wss://mc.yandex.ru ; navigate-to 'self' 'unsafe-allow-redirects' ; report-uri https://sentry.calltouch.net/api/49/security/?sentry_key=051618c290784f49b8f0714d8f3295e5  1
object-src 'none';base-uri 'self';script-src 'nonce-CHk0GHc8YPNVEafUu_QcQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dRjUG85q3aS-p1aUoGAZfg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-G_DfzL6oFTVFhr3eLiSYhA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; frame-ancestors 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-k9ccdU8n5jceL2m-NU2atA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' *.6sc.co *.6sense.com *.acsbapp.com *.adnxs.com *.agari.com *.analytics.google.com *.company-target.com *.demandbase.com *.doubleclick.net *.g2crowd.com *.googleadservices.com *.google-analytics.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.hsforms.com *.hubspot.com *.linkedin.com *.litix.io *.nr-data.net *.omappapi.com *.trustarc.com *.visualwebsiteoptimizer.com *.wistia.com analytics.google.com wss://ws.hotjar.com 6sense.com adnxs.com doubleclick.net hotjar.com hotjar.io hubspot.com linkedin.com omappapi.com *.cloudflare.com *.cobaltstrike.com *.fontawesome.com cloudflare.com cobaltstrike.com fontawesome.com hsforms.com visualwebsiteoptimizer.com wistia.com ws.hotjar.com *.adroll.com *.ads.linkedin.com *.coresecurity.com acsbapp.com adroll.com coresecurity.com nr-data.net *.g.doubleclick.net; default-src 'self' *.agari.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws; font-src 'self' data: *.gstatic.com *.wistia.com fonts.googleapis.com fonts.googleusercontent.com gstatic.com *.fontawesome.com; frame-src 'self' *.addtoany.com *.adroll.com *.company-target.com *.doubleclick.net *.driftt.com *.trustarc.com fortra.outgrow.us *.youtube.com *.addroll.com *.hsforms.com *.wistia.net; img-src 'self' data: *.6sc.co *.adroll.com *.company-target.com *.coresecurity.com *.d.adroll.com *.fortra.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gravatar.com *.helpsystems.com *.hsforms.com *.hubspot.com *.linkedin.com *.omappapi.com *.rlcdn.com *.static.gartner.com *.storychief.com *.trustarc.com *.visualwebsiteoptimizer.com *.wistia.com linkedin.com *.ads.linkedin.com embed-ssl.wistia.com; media-src blob: *.wistia.com; script-src 'self' *.33across.com *.6sc.co *.addtoany.com *.adroll.com *.agari.com *.cloudflare.com *.cloudflareinsights.com *.demandbase.com *.doubleclick.net *.driftt.com *.g2crowd.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspot.com *.intentsify.io *.jsdelivr.net *.licdn.com *.newrelic.com *.omappapi.com *.trustarc.com *.usemessages.com *.visualwebsiteoptimizer.com *.vwo.com *.wistia.com acsbapp.com driftt.com dyv6f9ner1ir9.cloudfront.net getsmartacre.github.io *.beyondsecurity.com *.facebook.net *.radar.cloudflare.com adroll.com cloudflareinsights.com doubleclick.net facebook.net hotjar.com hs-banner.com hsleadflows.net hs-scripts.com hubspot.com licdn.com omappapi.com trustarc.com usemessages.com visualwebsiteoptimizer.com *.a.omappapi.com *.bootstrapcdn.com *.cobaltstrike.com *.fontawesome.com *.jquery.com *.wistia.net bootstrapcdn.com cloudflare.com cobaltstrike.com fontawesome.com hs-analytics.net hsforms.net jquery.com jsdelivr.net wistia.net *.acsbapp.com *.coresecurity.com coresecurity.com g2crowd.com newrelic.com wistia.com *.g.doubleclick.net *.gartner.com *.gstatic.com app-sj26.marketo.com; style-src 'self' *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.omappapi.com *.fortra.com *.helpsystems.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=m0sp29U6xxS3TAAOLJGbkR3uRjjIngrdEj0k88mxIaM-1721957537-1.0.1.1-HANd67S0QY9lZPy87IuFjjCfvJP3u5JLKNKkxKBQHI.8crowK7MX30hsbJg8ysTQ7LM2DLQF.zWGjYR3p4mL2mALJmj6A7eI2Loo5m65p2ZMjHJ9347SYpIQrtf3qVKRVblGdAbg3sOCyWtiXTwF7l1ainOBDQw.sdm1K.YvR28dll4OPs7JHTJWhUHXU_fvj8.CE5IVGFIrRTvttX9k0g; report-to cf-pygzybwqgjarkejo 1
default-src 'self'; connect-src 'self' https://s3.eu-de.cloud-object-storage.appdomain.cloud/static-reflection/ https://static-reflection.netlify.app https://i.zamaneh.media https://*.contentinsights.com https://*.smartocto.com https://www.googleapis.com https://attestation.android.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://csi.gstatic.com; font-src 'self'; img-src 'self' https://i.zamaneh.media https://*.contentinsights.com https://i.ytimg.com https://www.google.com https://*.doubleclick.net https://*.googlesyndication.com data:; script-src 'self' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; frame-src https://platform.twitter.com https://www.youtube-nocookie.com https://www.instagram.com https://w.soundcloud.com https://www.google.com https://*.googlesyndication.com https://www.googleadservices.com https://securepubads.g.doubleclick.net; report-uri https://snfbtd92.uriports.com/reports/report; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-oyBnsUctghgiWfBYWlILAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WpRMgU-beNCNkKHv-9usrg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-yDIReu7N_mMtj4mMbwAELA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri                   https://gfcorporate.report-uri.com/r/d/csp/wizard ;               default-src                   'self'                   www.gfms.com                   gfms.com                   gfcorporate.report-uri.com                   *.google.at *.google.be *.google.cz *.google.dk *.google.fi *.google.fr *.google.de *.google.it *.google.nl *.google.no *.google.pl *.google.ro *.google.ru *.google.es *.google.se *.google.ch *.google.com.tr *.google.co.uk *.google.com.ar *.google.ca *.google.com *.google.com.br *.google.com.mx *.google.com.au *.google.cn *.google.co.in *.google.co.id *.google.co.jp *.google.com.my *.google.co.nz *.google.com.sg *.google.co.kr *.google.com.tw *.google.com.vn *.google.bg *.google.hr *.google.ee *.google.gr *.google.hu *.google.lv *.google.lu *.google.mk *.google.pt *.google.rs *.google.si *.google.com.ph *.google.co.th *.google.com.eg *.google.co.il *.google.co.za *.google.ae ;               connect-src                   'self'                   *.google-analytics.com                   apikeys.civiccomputing.com                   *.googleapis.com                   center.lon5.atomz.com                   clapi.civiccomputing.com                   sp1004e61f.guided.lon5.atomz.com                   sp1004e61a.guided.lon5.atomz.com                   sp1004e5dd.guided.lon5.atomz.com                   stats.g.doubleclick.net                   www.facebook.com                   uberall.com                   locator.uberall.com                   api.moin.ai                   www.gfpstools.com                   cdn.linkedin.oribi.io                   assets.georgfischer.com                   *.analytics.google.com                   *.googletagmanager.com                   *.g.doubleclick.net                   *.google.com                   *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat                   cdn.cookielaw.org                   *.onetrust.com ;               font-src                   'self'                   fonts.gstatic.com                   widget.moin.ai                   static-prod.uberall.com                   static.prod.uberall.com ;               script-src                   'self'                   'unsafe-inline'                   'unsafe-eval'                   *.google-analytics.com                   *.googletagmanager.com                   ajax.googleapis.com                   cc.cdn.civiccomputing.com                   connect.facebook.net                   cdnjs.cloudflare.com                   gstatic.com                   maps.googleapis.com                   siteimproveanalytics.com                   snap.licdn.com                   static-prod.uberall.com                   uberall.com                   locator.uberall.com                   www.youtube.com                   www.pagespeed-mod.com                   www.googleoptimize.com                   mktdplp102cdn.azureedge.net                   www.pagespeed-mod.com                   widget.moin.ai                   platform.contentfry.com                   cdn.cookielaw.org                   cookie-cdn.cookiepro.com                   privacyportal.onetrust.com                   geolocation.onetrust.com                   r1.dotdigital-pages.com                   r1-t.trackedlink.net                   r1.ddlnk.net                   www.googleadservices.com;               style-src                   'self'                   'unsafe-inline'                   'unsafe-eval'                   fonts.googleapis.com                   widget.moin.ai ;               img-src                   'self'                   'unsafe-inline'                   'unsafe-eval'                   data:                   assets.georgfischer.com                   www.linkedin.com                   *.global.siteimproveanalytics.io                   nswow-imageresizer.azurewebsites.net                   px.ads.linkedin.com                   www.facebook.com                   *.google.com                   gfms.com                   www.gfms.com                   static-prod.uberall.com                   static.prod.uberall.com                   www.linkedin.com                   s7e5a.scene7.com                   *.g.doubleclick.net                   *.svc.dynamics.com                   i.ytimg.com                   maps.gstatic.com                   www.gfpstools.com                   locator.uberall.com                   *.amazonaws.com                   *.googletagmanager.com                   *.googleapis.com                   *.google-analytics.com                   *.analytics.google.com                   *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat                   cdn.cookielaw.org                   *.onetrust.com ;               child-src                   'self'                   analytics-eu.clickdimensions.com                   live.solique.ch                   www.youtube.com ;               form-action                   'self' ;               frame-ancestors                   'self' ;               frame-src                   'self'                   'unsafe-inline'                   'unsafe-eval'                   data:                   analytics-eu.clickdimensions.com                   google.com                   ir.tools.investis.com                   irs.tools.investis.com                   live.solique.ch                   recruitingapp-5505.de.umantis.com                   registration.gesevent.com                   six-swiss-exchange.com                   tools.google.com                   uberall.com                   widget.moin.ai                   *.svc.dynamics.com                   www.gfps.com                   ir2.flife.de                   www.youtube.com                   r1.dotdigital-pages.com                   display.contentfry.com                   googletagmanager.com                   youtube.com ; 1
object-src 'none';base-uri 'self';script-src 'nonce-FErRjVp6BEmiROJ_pUb6rQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WFElWGljqIZ0Qg3cPU9TRQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self' blob:; style-src * data: blob: 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce--yIEQ9029jZjERVB7-KG0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr https://grenoblealpesmetropole.matomo.cloud; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.google.com https://*.geetest.com https://*.geevisit.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.appsflyer.com https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.coincatch.com https://*.coincatch.cc https://*.bgbstatic.com https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me  https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://*.onfido.com https://cdn.builder.io https://www.fedstable.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://static.zdassets.com https://bat.bing.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.hotjar.com https://partner.googleadservices.com https://*.adsrvr.org https://static.ads-twitter.com https://*.glassgs.com https://wcs.naver.net https://*.zendesk.com; connect-src 'self' 'report-sample' data: blob: https://www.googletagmanager.com https://*.google.com https://*.coincatch.com wss://*.coincatch.com https://*.coincatch.cc wss://*.coincatch.cc https://*.google-analytics.com https://analytics.tiktok.com https://*.appsflyer.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support wss://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bgbstatic.com  https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com wss://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com https://www.tradingview.com https://api.tronstack.io wss://*.gdrichem.com https://megacheck.vip https://*.megacheck.vip wss://megacheck.vip wss://*.megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com wss://*.saintpay.com https://*.skypay.space wss://*.skypay.space https://*.noxiaohao.com wss://*.noxiaohao.com https://*.gdrichem.com:8443 https://*.omkbic.com:8443 https://dn-staticdown.qbox.me https://*.7b7x.com https://7b7x.com wss://*.7b7x.com wss://7b7x.com https://*.onfido.com wss://*.onfido.com https://cdn.builder.io https://www.fedstable.com wss://www.fedstable.com wss://stream.fedstable.com https://*.coincatch.com https://*.geetest.com https://*.geevisit.com https://*.zendesk.com wss://*.zendesk.com https://ekr.zdassets.com https://static.zdassets.com https://bat.bing.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.hotjar.com wss://*.hotjar.com https://connect.facebook.net https://analytics.pangle-ads.com https://partner.googleadservices.com https://*.gstatic.com https://*.gurenla.com https://*.glassgs.com wss://*.glassgs.com https://*.adsrvr.org https://wcs.naver.net https://wcs.naver.com https://static.ads-twitter.com; frame-src 'self' 'report-sample' blob: data: https://*.coincatch.com https://*.coincatch.cc https://*.google.com https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://gateway.95516.com https://widget-mediator.zopim.com https://*.gdrichem.com https://gateway.test.95516.com https://*.google-analytics.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://*.onfido.com https://tpc.googlesyndication.com https://*.glassgs.com https://*.adsrvr.org https://*.adsrvr.cn; frame-ancestors 'self'; report-uri https://65266bb9a5a15fa1ff36a6b6.endpoint.csper.io?v=8; 1
default-src * data: 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.google.com *.gstatic.com *.cloudfront.net *.amazonaws.com *.klevu.com *.fontawesome.com *.googleapis.com *.socialannex.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.hotjar.com *.bazaarvoice.com *.ksearchnet.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.gstatic.com www.facebook.com *.amazonaws.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.gstatic.com www.facebook.com *.googletagmanager.com *.googleapis.com *.amazonaws.com *.paypalobjects.com www.paypalobjects.com amc.demdex.net fast.amc.demdex.net bid.g.doubleclick.net nsg.symantec.com *.hotjar.com www.youtube.com www.pinterest.com *.twitter.com *.socialannex.net *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com https://nytrng.com/ *.attn.tv *.guarantee-cdn.com ssl.kaptcha.com *.fls.doubleclick.net *.paypal.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.trackedlink.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.google.com *.klevu.com bat.bing.com *.gstatic.com www.facebook.com connect.facebook.net googleads.g.doubleclick.net www.google.co.in *.amazonaws.com dpm.demdex.net amc.demdex.net *.visualwebsiteoptimizer.com *.powerreviews.com *.cloudfront.net nsg.symantec.com *.wpengine.com www.googletagmanager.com cdn.socialannex.com *.cloudinary.com *.gravatar.com *.adobedtm.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.b0e8.com *.guarantee-cdn.com *.clarity.ms *.bing.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.lfeeder.com *.shop.pe wt.rqtrk.eu id5-sync.com *.payments-amazon.com guarantee-cdn.com 'self' blob: *.hotjar.com https://bttrack.com *.paypalobjects.com *.googlesyndication.com *.doubleclick.net *.hubspot.com graph.facebook.com business.facebook.com *.ksearchnet.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.facebook.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.google.com bat.bing.com *.gstatic.com *.klevu.com www.facebook.com *.cloudfront.net googleads.g.doubleclick.net *.powerreviews.com unpkg.com *.visualwebsiteoptimizer.com *.amazonaws.com *.googletagmanager.com *.googleapis.com js-agent.newrelic.com nsg.symantec.com a.opmnstr.com bam.nr-data.net bam-cell.nr-data.net cdn.socialannex.com *.hotjar.com *.instagram.net cdn.plyr.io stackpath.bootstrapcdn.com dn.jsdelivr.net code.jquery.com *.socialannex.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.bc0a.com cdn.attn.tv guarantee-cdn.com cdn.b0e8.com *.clarity.ms https://www.google-analytics.com *.lfeeder.com https://shop.pe *.shop.pe wt.rqtrk.eu cdn.id5-sync.com *.blackcrow.ai *.bttrack.com https://bttrack.com *.google.co.in *.googleadservices.com *.authorize.net *.paypal.com www.youtube.com analytics.tiktok.com tpc.googlesyndication.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com *.kaptcha.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com display.ugc.bazaarvoice.com *.google.com *.klevu.com *.powerreviews.com *.gstatic.com *.cloudfront.net *.amazonaws.com stats.g.doubleclick.net www.google-analytics.com *.socialannex.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.hotjar.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google.com bat.bing.com *.gstatic.com *.amazonaws.com *.paypal.com *.googletagmanager.com *.googleapis.com *.dotdigital.com dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com stats.g.doubleclick.net get.geojs.io *.powerreviews.com api.omappapi.com *.wpengine.com bam.nr-data.net bam-cell.nr-data.net stats.ksearchnet.com *.ksearchnet.com *.demdex.net *.socialannex.com *.visualwebsiteoptimizer.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com www.facebook.com *.bc0a.com *.clarity.ms *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.lfeeder.com https://shop.pe *.shop.pe *.attn.tv events.attentivemobile.com *.hotjar.com https://google.com lb.eu-1-id5-sync.com id5-sync.com *.hotjar.io wss://*.hotjar.com *.blackcrow.ai https://bttrack.com *.authorize.net analytics.tiktok.com webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.voltlighting.com/; report-to report-endpoint; 1
font-src https://cdn.riverty.design/ fonts.gstatic.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.dhlparcel.nl https://widgets.trustedshops.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com uc8.tv *.adyen.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ uc8.tv https://documents.riverty.com/ *.adyen.com www.xtento.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.doubleclick.net *.facebook.com *.facebook.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ *.adyen.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.imgix.net www.xtento.com cdn.xtento.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com maps.gstatic.com *.googleapis.com *.bing.com *.google.nl *.facebook.com *.facebook.net *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com widgets.trustedshops.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.hotjar.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ *.adyen.com *.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.dhlparcel.nl *.googleapis.com *.bing.com *.facebook.com *.facebook.net cdn.belco.io *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com widgets.trustedshops.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com tagmanager.google.com fonts.google.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.dhlparcel.nl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ *.adyen.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.dhlparcel.nl *.googleapis.com *.google.com *.doubleclick.net *.googlesyndication.com cdn.belco.io wss://chat.belco.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com *.googleapis.com media-cdn.zurich.ch global.oktacdn.com *.gstatic.com apps.mypurecloud.com fast.fonts.com srm.ba.contentsquare.net c.contentsquare.net www.google.ch www.zurich.ch vc.hotjar.io *.linkedin.com region1.analytics.google.com eu-central-1.bots.alphachat.ai apps.mypurecloud.ie *.licdn.com zurich-ch-ext.okta-emea.com *.googleadservices.com metrics.hotjar.io adservice.google.com widget.alphachat.ai www.google.com *.hotjar.com *.visualstudio.com k-aeu1.contentsquare.net *.azure.com *.doubleclick.net *.tealiumiq.com pl.direct.zurich.ch tags.tiqcdn.com *.facebook.net q-aeu1.contentsquare.net *.facebook.com t.contentsquare.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://19bba7008ff399c64da2bc7f455a3431.report-uri.com/r/d/csp/reportOnly 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=19904&v=v1.0&payload=dSAYuIr3dIKnrd8EA7WPbbDVyZu_-14YWRHCLq__GNBbvo7fAdmW_8xpUiIK-Bynx6GzlSc41Wmt95PKuF08U9mGFaDs7xLNw9PgbW0VV1H5UqMh0Nx2QXGz03k2IfZDFplqY9TEzCAEDsLQDSqPQPJfK7UxS9aCcd_0ujCF03y1UJXcmsG2724rLLLI0QcFya7u_tXvSxHQCWQrTPCwYg==; 1
object-src 'none';base-uri 'self';script-src 'nonce-AhSzGvVj1wGboOm-I0rspA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob: self; font-src https://fonts.gstatic.com *.cloudfront.net *.cloudflare.com *.google.com *.gstatic.com *.googleapis.com *.bootstrapcdn.com data: *.yotpo.com *.perfectcircuit.com *.affirm.com *.fontawesome.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.kmail-lists.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.syfpos.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.doubleclick.net fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca *.google.com *.mixcloud.com *.spotify.com *.instagram.com *.facebook.com *.gleamjs.io gleam.io *.pepperjamnetwork.com *.perfectcircuit.com unbounce.com *.signifyd.com *.online-metrix.net linkin.bio *.crazyegg.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com syf.demdex.net *.syfpos.com *.syf.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src *.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.affirm.com *.affirm.ca shipping-offers-static-images-bucket-platformsandbox.s3.amazonaws.com shipping-offers-static-images-bucket-stage.s3.amazonaws.com shipping-offers-static-images-bucket-prod.s3.amazonaws.com shipping-offers-static-images-bucket-dev.s3.amazonaws.com shipping-offers-static-images-bucket-demo.s3.amazonaws.com helloextend-static-assets.s3.amazonaws.com https://s3.amazonaws.com/ccspersistenceprod-contentstaticassets04b201d4-1apqb8dyegznm/offers/learnMoreModal-default-1654273334107-learnMoreModal.backgroundImageUrl_Generic_WomanwithBox2.jpg https://helloextend-static-assets.s3.amazonaws.com *.bootstrapcdn.com *.perfectcircuit.com *.cloudfront.net *.signifyd.com *.facebook.com *.instagram.com *.amazonaws.com *.gleam.io *.yotpo.com *.crazyegg.com *.klaviyo.com *.adroll.com *.google.com *.google.com.ua *.google.de/ *.yahoo.com *.doubleclick.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.pubmatic.com *.outbrain.com *.taboola.com *.adnxs.com *.openx.net *.nr-data.net *.3lift.com *.rlcdn.com *.online-metrix.net *.bidswitch.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net www.xtento.com cdn.xtento.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src *.redditstatic.com *.stackadapt.com *.googleoptimize.com *.jotform.com *.cycling74.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com polyfill.io *.affirm.com *.affirm.ca https://sdk.helloextend.com/ https://*.helloextend.com local.uprf.com *.cloudfront.net *.cloudflare.com *.google.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.fontawesome.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.bootstrapcdn.com seal.godaddy.com *.cardinalcommerce.com *.klaviyo.com *.zdassets.com *.signifyd.com *.disqus.com *.instagram.com *.newrelic.com *.facebook.net *.facebook.com *.nr-data.net *.gleamjs.io *.yotpo.com *.crazyegg.com *.adroll.com *.consensu.org *.pepperjam.com *.ascendpartner.com *.perfectcircuit.com *.doubleclick.net *.luckyorange.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.syfpos.com analytics.synchrony.com *.mysynchrony.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.stackadapt.com *.adobe.com https://fonts.googleapis.com self *.cloudfront.net *.cloudflare.com *.googleapis.com *.google.com *.gstatic.com *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.klaviyo.com *.yotpo.com linkin.bio *.crazyegg.com *.affirm.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.syfpos.com tagmanager.google.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.affirm.com *.affirm.ca https://*.helloextend.com/ https://*.extend.com/ https://*.helloextend.com *.google-analytics.com *.cloudfront.net *.cloudflare.com *.google.com *.cardinalcommerce.com *.klaviyo.com *.zdassets.com *.signifyd.com *.signifyd.com:* *.zendesk.com *.googleapis.com *.facebook.com *.amazonaws.com *.disqus.com *.yotpo.com *.doubleclick.net *.crazyegg.com *.adroll.com *.consensu.org *.nr-data.net *.appspot.com *.visitors.live in.visitors.live *.luckyorange.com realtime.luckyorange.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com google.com *.syfpos.com *.syf.com *.d1.sc.omtrdc.net *.facebook.net swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klevu.com *.ksearchnet.com checkout.getbread.com *.paypal.com *.google-analytics.com *.mmapiws.com *.doubleclick.net *.searchspring.io *.turnto.com bat.bing.com datalayer.jumpfly.com *.mouseflow.com *.nr-data.net *.newrelic.com *.google.com *.clarity.ms analytics.google.com tgscript.s3.amazonaws.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com js.klevu.com data: *.shopperapproved.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.shopperapproved.com *.authorize.net *.twitter.com *.facebook.com connect.facebook.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net *.liveperson.net checkout.getbread.com *.doubleclick.net *.lpsnmedia.net *.google.com *.googletagmanager.com *.facebook.com platform.twitter.com td.doubleclick.net *.twitter.com *.google.co.in www.xtento.com photos.pixlee.co *.weltpixel.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.shopperapproved.com *.trackedlink.net *.klevu.com *.ksearchnet.com https://meetanshi.com/media/logo.png store.paradoxlabs.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in *.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com * *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net stats.g.doubleclick.net d.adroll.com pixel.advertising.com pixel.rubiconproject.com simage2.pubmatic.com dsum-sec.casalemedia.com ads.yahoo.com eb2.3lift.com sync.outbrain.com trc.taboola.com x.bidswitch.net/sync ib.adnxs.com idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com segments.company-target.com sync.tidaltv.com *.trustgaurd.com content.sprinklerwarehouse.com bat.bing.com www.xtento.com cdn.xtento.com wac.edgecastcdn.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.shopperapproved.com https://direct.shopperapproved.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.authorize.net *.liveperson.net *.lpsnmedia.net cdn.searchspring.net checkout.getbread.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.google.com www.gstatic.com bat.bing.com *.mouseflow.com services.nofraud.com *.doubleclick.net widgets.turnto.com js.klevu.com stats.g.doubleclick.net static.trackedweb.net tgscript.s3.amazonaws.com *.clarity.ms platform.twitter.com connect.facebook.net cdn-ws.turnto.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paypalobjects.com *.paypal.com chimpstatic.com s.adroll.com d.adroll.com d.adroll.mgr.consensu.org *.bootstrapcdn.com player.vimeo.com content.sprinklerwarehouse.com www.xtento.com cdn.xtento.com *.turnto.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com googletagmanager.com *.lightingwarehouse.com code.jquery.com *.sprinklerwarehouse.com *.vimeo.com *.shopperapproved.com *.breadpayments.com *.gstatic.com accdn.lpsnmedia.net lpcdn.lpsnmedia.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com cdn.searchspring.net widgets.turnto.com fonts.googleapis.com js.klevu.com tgscript.s3.amazonaws.com *.bootstrapcdn.com *.turnto.com tagmanager.google.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com  *.bootstrapcdn.com *.yotpo.complete content.sprinklerwarehouse.com *.lightingwarehouse.com *.nr-data.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.lpsnmedia.net data: *.trustguard.com content.sprinklerwarehouse.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.authorize.net *.lpsnmedia.net data: *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com checkout.getbread.com *.mmapiws.com *.doubleclick.net *.searchspring.io *.turnto.com bat.bing.com datalayer.jumpfly.com *.mouseflow.com *.clarity.ms tgscript.s3.amazonaws.com content.sprinklerwarehouse.com *.facebook.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.lightingwarehouse.com adservice.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src checkout.getbread.com *.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com plumrocket.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com paypal.com * https://maps.google.com/ *.authorize.net *.paypal.com google.com googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.braintreegateway.com *.google.com plumrocket.com accounts.google.com xtento.com www.facebook.com vars.hotjar.com tsdtocl.com bakedbymelissa.secure.force.com tst.kaptcha.com *.optimizely.com ct.pinterest.com creatives.attn.tv https://plumrocket.com https://accounts.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.bakedbymelissa.com m2prod.bakedbymelissa.com *.demdex.net googleadservices.com google-analytics.com paypal.com *.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de cloudinary.com *.cloudinary.com *.stats.paypal.com xtento.com cdn.xtento.com self unsafe-inline *.googleadservices.com *.google-analytics.com paypalobjects.com px.ads.linkedin.com *.klaviyo.com fast.a.klaviyo.com *.taboola.com *.bing.com *.twitter.com idsync.rlcdn.com *.google.com *.google.co.in *.clarity.ms facebook.com *.pinterest.com *.adroll.com cm.g.doubleclick.net dsum-sec.casalemedia.com *.bidswitch.net *.rubiconproject.com *.openx.net *.advertising.com *.outbrain.com *.pubmatic.com *.yahoo.com *.3lift.com *.adnxs.com *.eb2.3lift.com *.inspectlet.com t.co www.facebook.com sealserver.trustwave.com www.trustlogo.com maps.gstatic.com maps.googleapis.com services.postcodeanywhere.co.uk secure.trust-provider.com www.linkedin.com p.adsymptotic.com segments.company-target.com testgvbgjbhjb.com assets.codepen.io google.com www.fitnesspark.fr gwiq-v3.globalwebindex.net platform.rtbiq.com adventori.com sync.im-apps.net uipglob.semasio.net nxtck.com zdbb.net ds.reson8.com track.linksynergy.com pippio.com tags.rd.linksynergy.com sync.mathtag.com match.adsrvr.org s.amazon-adsystem.com usermatch.krxd.net beacon.krxd.net tags.bluekai.com gum.criteo.com idsync.reson8.com sync-tm.everesttech.net loadm.exelator.com ads.scorecardresearch.com d.turn.com pm.w55c.net lrpush.apxlv.com gpush.cogocast.net adadvisor.net p.rfihub.com bcp.crwdcntrl.net beacon.walmart.com um.simpli.fi d7881004885063302109-t7648079750282670895.id.amgdgt.com *.id.amgdgt.com pixel.sitescout.com lrp.mxptint.net sync.srv.stackadapt.com rtb.adentifi.com match.prod.bidr.io cw.addthis.com sync.ipredictive.com sync.tidaltv.com x.dlx.addthis.com pixel.tapad.com epiv.cardlytics.com aa.agkn.com www.entitytag.co.uk ads.avocet.io rtb-csync.smartadserver.com px.owneriq.net bttrack.com pixel.spotify.com usersync-b3.videoamp.com ssum.casalemedia.com ads.undertone.com evt.undertone.com a.tribalfusion.com *.tribalfusion.com s.tribalfusion.com dps.admission.net ps.eyeota.net pxl.jivox.com cs.choozle.com ml314.com seg.sharethis.com mpp.vindicosuite.com liveramp2waycm-atl.netmng.com global.ib-ibi.com odr.mookie1.com dp-sync.dotomi.com pixel.prfct.co crb.kargo.com su.addthis.com aorta.clickagy.com d.agkn.com stags.bluekai.com sync.crwdcntrl.net u.fg8dgt.com fzlnk.com ums.acuityplatform.com synchroscript.deliveryengine.adswizz.com apolloprogram.io sync.smartadserver.com www.storygize.net mmtro.com live.rezync.com wam.solution.weborama.fr p.tvpixel.com img.webmd.com sync.1rx.io sync.targeting.unrulymedia.com cm.ctnsnet.com t.myvisualiq.net tag.clrstm.com dp2.33across.com fei.pro-market.net vop.sundaysky.com load.instinctiveads.com b1sync.zemanta.com ag.innovid.com cm.adgrx.com cm.eyereturn.com x.skimresources.com track2.securedvisit.com cmi.netseer.com c.us1.dyntrk.com secure.insightexpressai.com services.xg4ken.com magnetic.t.domdex.com sync.mediawallahscript.com action.media6degrees.com jadserve.postrelease.com p.mmsho.com trkn.us io.narrative.io pt.ispot.tv www.totaljobs.com prod.y-medialink.com soundwave.bnmla.com dsp.adfarm1.adition.com fr.shopping.rakuten.com/ player.inu.la fksnk.com tg.socdm.com alb.reddit.com https://img.youtube.com www.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.pcapredict.com *.adobedtm.com *.authorize.net *.queue-it.net *.hotjar.com googleadservices.com google-analytics.com *.google-analytics.com paypalobjects.com paypal.com *.braintreegateway.com *.ytimg.com googleapis.com gstatic.com *.cardinalcommerce.com googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klaviyo.com fast.a.klaviyo.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.trackedlink.net *.trackedweb.net webchat.dotdigital.com cdn.dnky.co s7.addthis.com google.com https://accounts.google.com xtento *.xtento self unsafe-inline unsafe-eval *.adroll.com static.ads-twitter.com snap.licdn.com/ static.zdassets.com *.pinimg.com *.bing.com cdn.attn.tv *.facebook.net cdn.pdst.fm *.taboola.com analytics.tiktok.com *.liadm.com tag.rmp.rakuten.com ut.rd.linksynergy.com *.inspectlet.com tags.crwdcntrl.net clarity.ms *.clarity.ms facebook.com www.trustlogo.com sealserver.trustwave.com services.postcodeanywhere.co.uk maps.googleapis.com button.aftership.com secure.trust-provider.com ws.zoominfo.com static.cloudflareinsights.com widget-mediator.zopim.com *.optimizely.com www.redditstatic.com https://www.gstatic.com www.xtento.com cdn.xtento.com js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://static.klaviyo.com services.postcodeanywhere.co.uk use.fontawesome.com https://accounts.google.com https://www.gstatic.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com paypal.com *.cardinalcommerce.com *.google.com google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klaviyo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de cdn.swellrewards.com cloudinary.com *.cloudinary.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com *.braintreegateway.com self unsafe-inline google-analytics.com sandbox.paypal.com paypalobjects.com accounts.google.com *.bakedbymelissa.com *.cloudfunctions.net *.liadm.com *.g.doubleclick.net *.pinterest.com *.taboola.com *.clarity.ms bakedbymelissa.zendesk.com m2staging.bakedbymelissa.com wss://widget-mediator.zopim.com wss://ws.inspectlet.com *.inspectlet.com d.adroll.com *.crwdcntrl.net/6/map analytics.tiktok.com services.postcodeanywhere.co.uk maps.googleapis.com *.hotjar.com wss://ws29.hotjar.com ekr.zendesk.com bakedbymelissa.attn.tv events.attentivemobile.com bat.bing.com ws7.hotjar.com vc.hotjar.io wss://ws9.hotjar.com wss://*.hotjar.com *.optimizely.com ekr.zdassets.com/ https://accounts.google.com bam.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xFKmuYhdYF20myMUIGQ8Rw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com *.fontawesome.com https://cdnjs.cloudflare.com https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com https://*.clarity.ms https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.facebook.com platform.twitter.com https://www.youtube-nocookie.com https://maps.google.fr https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com https://*.clarity.ms https://*.bing.com https://*.google.fr https://*.google.com https://maps.googleapis.com https://maps.gstatic.com https://axeptio.imgix.net https://www.googletagmanager.com https://*.doubleclick.net https://favicons.axept.io 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.apptrian.com jquery.sellxed.com https://*.axept.io connect.facebook.net twitter.com platform.twitter.com https://cdnjs.cloudflare.com https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com https://*.clarity.ms https://*.googletagmanager.com https://maps.googleapis.com https://*.bing.com https://*.google.com https://*.google.fr https://*.doubleclick.net https://*.cloudflare.com/ https://www.gstatic.com https://www.googleapis.com https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://trackcmp.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.apptrian.com https://client.axept.io https://api.axept.io https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com https://*.clarity.ms https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://www.facebook.com https://www.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-l-eX1aAodbhSzCFQXvSw7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xomYjuq3k-WmkoVQOD5v9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://*.sentry-cdn.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'nonce-3e19d0ef-9f0e-4993-b705a1df6079e6bb' 'unsafe-inline' 'strict-dynamic' false; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://*.hotjar.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com; img-src 'self' data: https: blob:; connect-src 'self' https://*.ingest.sentry.io https://*.googleapis.com https://*.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.googletagmanager.com false *.google-analytics.com *.analytics.google.com www.facebook.com https://www.google.de/ads https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'nonce-3e19d0ef-9f0e-4993-b705a1df6079e6bb'; worker-src 'self' blob:; frame-ancestors 'self' https://*.cookiebot.com; form-action 'self' *.facebook.com https://*.cookiebot.com; frame-src 'self' https://*.trustpilot.com https://*.cookiebot.com *.facebook.com; report-uri https://o153269.ingest.sentry.io/api/5947271/security/?sentry_key=e053727f27894f56ab910e7f94e49808; base-uri 'none'; object-src 'none' 1
default-src 'self' *.aswo.com *.euras.com *.aswo.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aswo.com *.euras.com *.aswo.net ; style-src 'self' 'unsafe-inline' *.aswo.com *.euras.com *.aswo.net ; img-src 'self' 'unsafe-inline' *.aswo.com *.euras.com *.aswo.net data: ; font-src 'self' 'unsafe-inline' *.aswo.com *.euras.com *aswo.net ; connect-src 'self' *.aswo.com *.euras.com *aswo.net ; object-src 'self' 'unsafe-inline' *.aswo.com *.euras.com *.aswo.net ; report-uri /log881.php; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com 'unsafe-inline' data: *.listrakbi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.fontawesome.com *.livehelpnow.net *.listrakbi.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.listrakbi.com *.livehelpnow.net *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.fontawesome.com *.livehelpnow.net *.listrakbi.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.livehelpnow.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.fontawesome.com *.listrakbi.com wss://*.livehelpnow.net *.livehelpnow.net *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io store.paradoxlabs.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.gstatic.com https://translate.googleapis.com https://fonts.gstatic.com http://translate.google.com *.adobe.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.google.com www.google.com.ua *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com tagmanager.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://translate.googleapis.com http://translate.google.com www.googletagmanager.com https://translate-pa.googleapis.com *.avada.io *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://chimpstatic.com ss.rubberb.com https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src tagmanager.google.com downloads.mailchimp.com https://static.klaviyo.com www.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://translate.googleapis.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com  *.sandbox.paypal.com *.paypalobjects.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com ss.rubberb.com https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.fr ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.fr *.spreadshirt.fr ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.fr ; font-src 'self' https: data: *.spreadshirt.fr ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.fr ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.fr ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
object-src 'none';base-uri 'self';script-src 'nonce-wOSB3jEwwK0NHElet8hCbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-VqOM5n_hM6TOJeYhK5NOmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline'  *.jsdelivr.net *.googletagmanager.com *.paypal.com *.redsys.es https://sis-t.redsys.es:25443 sibautomation.com *.facebook.net  *.ads-twitter.com *.twitter.com; font-src 'self' *.jsdelivr.net *.typekit.net data:; connect-src 'self' *.google-analytics.com analytics.google.com stats.g.doubleclick.net *.paypal.com in-automate.sendinblue.com  *.facebook.com; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.typekit.net; frame-src *.vimeo.com *.paypal.com sibautomation.com *.facebook.com vimeo.com 1
object-src 'none';base-uri 'self';script-src 'nonce-a8DHliydk_-W_dsLfyR5Qg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self';default-src 'self';script-src 'nonce-9LpPmvMqEfEEKX4fAbt05w==' 'strict-dynamic'  ;style-src 'self' 'report-sample' 'unsafe-inline' campaigns.zoho.eu cdn.jsdelivr.net fonts.googleapis.com tagmanager.google.com unpkg.com www.googletagmanager.com;object-src 'none';frame-src 'self' *.gstatic.com *.google.com *.youtube.com  *.doubleclick.net *.googlesyndication.com  consentcdn.cookiebot.com maps.googleapis.com maps.google.com www.youtube-nocookie.com www.googletagmanager.com;child-src 'self' www.youtube.com www.googletagmanager.com;img-src 'self' data: blob: https://googleads.g.doubleclick.net https://imgsct.cookiebot.com *.gstatic.com *.google-analytics.com *.google.com *.google.es *.googleapis.com *.ggpht.com *.ytimg.com *.youtube.com campaigns.zoho.eu campaign-image.eu cdn.jsdelivr.net maps.googleapis.com unpkg.com www.googletagmanager.com;font-src 'self' data: cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com unpkg.com;connect-src 'self' https://googleads.g.doubleclick.net https://www.gstatic.com https://unpkg.com *.googlesyndication.com *.google.com cdn.jsdelivr.net consentcdn.cookiebot.com fonts.gstatic.com fonts.googleapis.com maps.googleapis.com nisu-zcmp.maillist-manage.eu stats.g.doubleclick.net undefined www.google-analytics.com www.googletagmanager.com region1.google-analytics.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';worker-src 'self'; 1
default-src 'self'; connect-src 'self' https://dnnapi.com https://stats-api.flockler.app https://api.flockler.app https://plugins.flockler.com https://maps.googleapis.com https://www.google-analytics.com https://vimeo.com https://issuu.com https://code.jquery.com https://sentry.issuu.com https://api.flockler.com; font-src 'self' data: https://dnnapi.com https://use.fontawesome.com https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://www.youtube-nocookie.com https://e.issuu.com https://maps.google.com https://www.google.com https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com https://www.youtube.com https://livestream.com https://vimeo.com https://media-api.flockler.com https://*.cloudflarestream.com; img-src 'self' data: blob: https://flockler.com https://fl-1.cdn.flockler.com https://media-api.flockler.com https://s3.amazonaws.com/ https://supporting-cast.blubrry.net https://scontent-sjc3-1.cdninstagram.com https://scontent.cdninstagram.com https://d31hzlhk6di2h5.cloudfront.net https://dnnapi.com https://images.e2ma.net https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://fonts.gstatic.com https://maps.gstatic.com https://www.hw.com https://code.jquery.com https://psb.twimg.com https://abs-0.twimg.com https://platform.twitter.com https://syndication.twitter.com https://i.vimeocdn.com https://ajax.googleapis.com https://*.cdninstagram.com https://www.googletagmanager.com https://*.xx.fbcdn.net; report-to cspEndpoint; report-uri https://www.hw.com/about/Content-Security-Policy; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fl-1.cdn.flockler.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://dnnapi.com https://www.google.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://graph.instagram.com https://e.issuu.com https://code.jquery.com https://cdn.syndication.twimg.com https://platform.twitter.com https://player.vimeo.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://plugins.flockler.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://dnnapi.com https://e.issuu.com https://www.google.com/ https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://graph.instagram.com https://code.jquery.com https://cdn.syndication.twimg.com https://platform.twitter.com https://player.vimeo.com https://www.googletagmanager.com https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://code.jquery.com https://ajax.googleapis.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://plugins.flockler.com https://use.fontawesome.com https://fonts.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://code.jquery.com https://ajax.googleapis.com https://use.typekit.net https://p.typekit.net; media-src 'self' https://media-api.flockler.com https://content.blubrry.com https://media.blubrry.com https://player.vimeo.com https://download-video.akamaized.net; style-elem 'self' https://use.typekit.net; 1
font-src *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.livechatinc.com *.acsbap.com *.acsbapp.com https://acsbapp.com/apps/app/dist/fonts/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com www.googletagmanager.com www.google-analytics.com *.icims.eu www.youtube.com cookiepedia.co.uk www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.livechatinc.com *.trustpilot.com *.trustpilot.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.wiltshirefarmfoods.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com vars.hotjar.com www.facebook.com www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.livechatinc.com *.trustpilot.com *.trustpilot.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.wiltshirefarmfoods.com td.doubleclick.net pagead2.googlesyndication.com analytics.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com www.youtube.com validator.swagger.io *.trackedlink.net *.amplience.net fpdbs.paypal.com fpdbs.sandbox.paypal.com *.yotpo.com p.adsymptotic.com bat.bing.com www.facebook.com cdn-ukwest.onetrust.com *.livechatinc.com cookiesuksouth.blob.core.windows.net www.google.co.in px.ads.linkedin.com cookiepedia.co.uk www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.wiltshirefarmfoods.com *.trustpilot.com *.trustpilot.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.postcodeanywhere.co.uk acsbap.com acsbapp.com *.acsbap.com *.acsbapp.com https://cdn.acsbapp.com/apps/app/dist/media/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com *.cardinalcommerce.com geo.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.onetrust.com *.livechatinc.com static.hotjar.com www.gstatic.com *.stripe.com *.trustpilot.com maps.googleapis.com *.pcapredict.com snap.licdn.com connect.facebook.net bat.bing.com secure.leadforensics.com js-agent.newrelic.com script.hotjar.com ict.infinity-tracking.net cookiepedia.co.uk www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.trustpilot.net *.bam.nr-data.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.wiltshirefarmfoods.com *.dwin1.com acsbap.com acsbapp.com *.acsbap.com *.acsbapp.com https://acsbapp.com/apps/app/dist/ https://acsbapp.com/apps/app/assets/js/ td.doubleclick.net pagead2.googlesyndication.com *.conoret.com https://services.postcodeanywhere.co.uk klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.postcodeanywhere.co.uk *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.ideal-postcodes.co.uk *.stripe.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com maps.googleapis.com *.onetrust.com *.livechatinc.com bam.nr-data.net in.hotjar.com ict.infinity-tracking.net stats.g.doubleclick.net bat.bing.com www.youtube.com cookiepedia.co.uk www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.trustpilot.com *.trustpilot.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.wiltshirefarmfoods.com acsbap.com acsbapp.com *.acsbap.com *.acsbapp.com *.wikipedia.org/w/api.php https://process.acsbapp.com/apps/app/ https://cdn.acsbapp.com/resources/ https://cdn.acsbapp.com/cache/app/ https://cdn.acsbapp.com/config/ https://acsbapp.com/apps/app/assets/js/ td.doubleclick.net pagead2.googlesyndication.com https://services.postcodeanywhere.co.uk klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.dwin1.com https://*.awin1.com https://bat.bing.com https://api.bounce-commerce.de https://*.mediashop.bloomreach.cloud https://recommender.scarabresearch.com https://webchannel-content.eservice.emarsys.net https://www.facebook.com https://*.google.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.at https://*.google.de https://*.google.ch https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.addressy.com *.nr-data.net *.nosto.com https://*.paypal.com https://ct.pinterest.com https://*.sovendus.com https://analytics.tiktok.com *.usercentrics.eu wss://umd.userlike.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com blob: userlike-cdn-widgets.s3-eu-west-1.amazonaws.com; default-src 'self'; font-src 'self' data: https://script.hotjar.com; frame-src * data: blob: https://vars.hotjar.com meine-einkaufswelt.prod.welocal.cloud https://*.paypal.com https://ct.pinterest.com https://www.sovendus-connect.com *.usercentrics.eu api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net www.youtube.com player.vimeo.com youtube.com; img-src 'self' blob: data: https: https://*.dwin1.com https://*.awin1.com https://bat.bing.com https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.at https://www.google.de https://www.google.ch https://www.google.com https://googleads.g.doubleclick.net  https://static.hotjar.com https://script.hotjar.com https://icons.parcellab.com https://ct.pinterest.com https://trck.spoteffects.net *.usercentrics.eu userlike-cdn-operators.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com https://i.ytimg.com; object-src 'none'; script-src 'nonce-az6nHp/cQJr3ZHASP3iWjg==' 'strict-dynamic' https://*.dwin1.com https://*.awin1.com https://bat.bing.com api.bounce-commerce.de https://*.mediashop.bloomreach.cloud *.scarabresearch.com https://connect.facebook.net https://*.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com meine-einkaufswelt.prod.welocal.cloud js-agent.newrelic.com *.nr-data.net *.nosto.com *.cloudfront.net https://cdn.parcellab.com https://*.paypal.com https://s.pinimg.com https://api.sovendus.com https://trck.spoteffects.net https://analytics.tiktok.com *.usercentrics.eu 'unsafe-eval' 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net www.youtube.com; style-src 'self' https://*.mediashop.bloomreach.cloud 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com; worker-src 'none'; child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net blob:; media-src userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.winterparkresort.com *.adsrvr.org sdk.inbenta.io assets.adobedtm.com *.tiktok.com use.typekit.net *.clarity.ms cookies.alterramtnco.com *.everesttech.net p.typekit.net api.trustyou.com kit.fontawesome.com *.facebook.net cdn.cookielaw.org www.pages08.net analytics.google.com my.matterport.com api.mapbox.com images.inntopia.com *.sojern.com lifts-and-trails.netlify.app www.sc.pages08.net cdn.inbenta.io images.letsway.com *.onetrust.com adservice.google.com www.datadoghq-browser-agent.com apolloprogram.io www.googletagmanager.com www.inntopia.travel www.google.com *.adnxs.com *.adform.net *.vimeo.com *.omtrdc.net aws-cdn.inntopia.com *.doubleclick.net bat.bing.com ka-p.fontawesome.com *.facebook.com vimeo.com rum.browser-intake-us3-datadoghq.com edge.adobedc.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.dentalkart.com dentalkart.com fusion.ameyoemerge.in:8887 www.googletagmanager.com analytics.notifyvisitors.com www.googleadservices.com www.google-analytics.com *.hotjar.com connect.facebook.net *.google.com ssl.gstatic.com checkout.razorpay.com *.cloudmaestro.com googleads.g.doubleclick.net www.gstatic.com www.notifyvisitors.com cdnp.notifyvisitors.com cdn.notifyvisitors.com s3.amazonaws.com push.notifyvisitors.com cdnjs.cloudflare.com ajax.googleapis.com assets.adobedtm.com s.pinimg.com cdn1.stamped.io c.webengage.com ssl.widgets.webengage.com notification.webengage.com js-cdn.dynatrace.com sentry.io 1
object-src 'none';base-uri 'self';script-src 'nonce-Uw7iEvCiQY44fsbqdLeHBQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zLAWPqqOtz-aqSVcBrZOoQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-GANj_15-AvzFGftLBufAEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-oujt-J5Rc2a88vTTP_prXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; connect-src 'self' https://static.parallels.com https://support.parallels.com https://kb.parallels.com https://forum.parallels.com https://status.parallels.com https://*.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://chatbeacon.corel.com wss://chatbeacon.corel.com; img-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://cdn.cookielaw.org https://static.parallels.com https://static.myparallels.com https://www.parallels.com data:; font-src 'self' https://static.parallels.com https://static.myparallels.com; frame-src 'self' https://kb.parallels.com https://www.corel.com https://chatbeacon.corel.com; script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://appleid.cdn-apple.com https://status.parallels.com https://*.cookielaw.org 'unsafe-inline'; script-src-elem 'self' https://*.google-analytics.com https://*.googletagmanager.com https://appleid.cdn-apple.com https://status.parallels.com https://*.cookielaw.org 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://static.parallels.com; object-src 'none'; report-uri https://my.parallels.com/csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-2vH2_dXOcJ69BADZMB6qaw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.squarecdn.com *.alothemes.com *.magepow.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' data: *.zopim.com fonts.gstatic.com staticw2.yotpo.com https://*.hotjar.com cdn-4.convertexperiments.com *.googleapis.com *.icomoon.io *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.reviews.io *.reviews.co.uk *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.reviews.io *.reviews.co.uk *.criteo.com *.criteo.net https://www.paypalobjects.com https://tst.kaptcha.com https://ssl.kaptcha.com *.addthis.com *.doubleclick.net https://*.hotjar.com cdn-4.convertexperiments.com *.pinterest.com *.afterpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' data: *.klaviyo.com *.gstatic.com *.google.com *.googleadservices.com https://www.google-analytics.com https://www.paypalobjects.com *.googleapis.com *.cloudflare.com *.pinterest.com *.revcontent.com *.clmbtech.com *.bing.com *.tapad.com *.criteo.com *.addthis.com *.yahoo.com *.outbrain.com *.pubmatic.com *.3lift.com *.media.net *.bidswitch.net *.casalemedia.com *.taboola.com *.teads.tv *.smartadserver.com *.sharethrough.com *.360yield.com *.liadm.com *.postrelease.com *.tremorhub.com *.stickyadstv.com *.mediavine.com *.yieldmo.com *.turn.com *.bluekai.com *.krxd.net *.agkn.com *.smaato.net *.emxdgt.com *.adnxs.com *.doubleclick.net *.mediawallahscript.com *.rlcdn.com *.zopim.com cdn.searchspring.net *.pippio.com pippio.com https://beacon.walmart.com *.searchspring.io *.blogspot.com *.rubiconproject.com *.omnitagjs.com https://ws.rqtrk.eu/ https://*.hotjar.com cdn-4.convertexperiments.com *.convertexperiments.com *.cdninstagram.com *.amazonaws.com *.clarity.ms *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.alothemes.com *.magepow.com https://connect.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.reviews.io *.reviews.co.uk www.google.com www.gstatic.com maps.googleapis.com 'self' data: *.google.com https://googleads.g.doubleclick.net *.klaviyo.com s.pinimg.com *.criteo.net *.criteo.com *.searchspring.net *.searchspring.io *.zopim.com https://static.zdassets.com https://z.moatads.com *.addthis.com *.addthisedge.com https://cdn.acsbapp.com *.googleadservices.com https://www.google-analytics.com https://analytics.google.com https://analytics.tiktok.com https://*.hotjar.com cdn-4.convertexperiments.com player.vimeo.com *.site24x7rum.com *.clarity.ms https://cdn.searchspring.net/intellisuggest/is.min.js https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com unsafe-inline assets.braintreegateway.com https://static.klaviyo.com *.alothemes.com *.magepow.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' data: *.klaviyo.com *.yotpo.com https://*.hotjar.com cdn-4.convertexperiments.com *.googleapis.com player.vimeo.com *.icomoon.io tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.klaviyo.com *.pinterest.com *.searchspring.io *.googleapis.com *.doubleclick.net *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com/ https://api-js.datadome.co/ https://cdn.acsbapp.com *.googleadservices.com https://www.google-analytics.com *.addthis.com https://analytics.tiktok.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com cdn-4.convertexperiments.com logs.convertexperiments.com https://beacon.searchspring.io/beacon *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://ed914368-2c72-4b16-a9e8-feba9261bfe1.sansec.watch/; report-to report-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net *.facebook.com www.cemexgo.com js.cobrowse.io *.eloqua.com *.facebook.net cdn.walkme.com *.gstatic.com counter.personyze.com ec-playback.walkme.com jqtmdiy716.execute-api.us-east-1.amazonaws.com *.googleapis.com *.linkedin.com www.google-analytics.com c.contentsquare.net papi.walkme.com www.google.co.uk conversation-user.aivo.co push.rollout.io *.hotjar.com s3.walkmeusercontent.com service.maxymiser.net customer.experience.cemex.com t.contentsquare.net *.licdn.com count.personyze.com www.google.fr agentcore.s3.amazonaws.com metrics.hotjar.io playerserver.walkme.com *.qualtrics.com www.google.com cemex.count.ly conf.rollout.io *.dynatrace.com www.google.com.mx cdn.personyze.com statestore.rollout.io checkout.merchant.jpmorgan.com tags.bkrtx.com s3.amazonaws.com region1.analytics.google.com analytics.google.com csxd.contentsquare.net analytic.rollout.io cdn.agentbot.net adapter.aivo.co www.google.com.eg www.google.com.co *.bluekai.com img04.en25.com counter2.personyze.com cdn.jsdelivr.net www.googletagmanager.com sentry.aivo.co *.visualstudio.com ec.walkme.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: wss:; form-action 'self' www.facebook.com forms.hsforms.com; object-src 'self'; base-uri 'self'; 1
font-src *.githubusercontent.com *.yotpo.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ www.google.com *.meetanshi.com *.doubleclick.net *.yotpo.com https://meetanshi.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io *.adobedtm.com *.demdex.net *.magentocommerce.com *.doubleclick.net *.google.com *.paypal.com *.ytimg.com *.meetanshi.com *.yotpo.com *.bing.com *.gstatic.com *.googleapis.com *.solutionsstores.com https://meetanshi.com/media/logo.png https://meetanshi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bing.com *.googleapis.com *.yotpo.com widget.freshworks.com m2epro.freshdesk.com *.avada.io player.vimeo.com *.meetanshi.com https://meetanshi.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.yotpo.com *.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com widget.freshworks.com m2epro.freshdesk.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://stats.addtoany.com/menu *.googleapis.com *.demdex.net *.google.com *.cardinalcommerce.com *.paypal.com *.meetanshi.com *.yotpo.com *.freshworks.com *.freshdesk.com *.avada.io *.stripe.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.bing.com widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io https://meetanshi.com klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://gapi.storyblok.com https://api.storyblok.com https://a.storyblok.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.wistia.com https://*.wistia.net netlify-cdp-loader.netlify.app 'unsafe-inline' blob: data:; script-src 'nonce-LhbQV1d5Dx3Xt8aAcpjkxMQ80UmFMwqD' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:'nonce-jx6OwtpX+XRW0LdgehUD0nwQeaEgHWOg' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.storyblok.com https://netlify-rum.netlify.app https://*.wistia.com https://*.wistia.net https://src.litix.io *.visualwebsiteoptimizer.com app.vwo.com https://www.googletagmanager.com https://tagmanager.google.com https://*.onetrust.com https://*.google-analytics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net https://js.driftt.com https://widget.drift.com *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://fast.wistia.com https://*.onetrust.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://www.googletagmanager.com https://tagmanager.google.com *.livechatinc.com *.youtube.com *.google.com blob:; img-src 'self' https://*.hotjar.com https://*.storyblok.com https://*.wistia.com https://*.wistia.net *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.onetrust.com https://*.doubleclick.net https://*.bing.com https://*.google-analytics.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.livechatinc.com *.youtube.com *.google.com *.livechat-files.com *.livechat-static.com data:; connect-src 'self' https://*.storyblok.com https://*.wistia.com https://*.wistia.net https://*.algolia.net *.visualwebsiteoptimizer.com app.vwo.com ingesteer.services-prod.nsvcs.net https://*.onetrust.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.google.com https://*.bing.com https://*.litix.io https://*.doubleclick.net https://gapi.storyblok.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.googletagmanager.com px.ads.linkedin.com px4.ads.linkedin.com www.facebook.com connect.facebook.net www.google.com.au; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.wistia.com data:; object-src 'self' *.livechatinc.com *.youtube.com *.google.com; frame-src 'self' https://gapi.storyblok.com app.netlify.com netlify-cdp-loader.netlify.app https://*.vwo.com https://*.youtube-nocookie.com https://dev.visualwebsiteoptimizer.com https://fast.wistia.com https://fast.wistia.net https://td.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com https://js.driftt.com https://widget.drift.com https://info.leap.com.au *.livechatinc.com x.adroll.com; worker-src 'self' blob:; media-src 'self' https://*.wistia.com https://*.wistia.net  *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com https://js.driftt.com https://widget.drift.com blob: data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://app.storyblok.com; script-src-elem 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com https://pi.pardot.com s.adroll.com https://*.wistia.com https://*.bing.com https://*.onetrust.com https://netlify-rum.netlify.app; script-src-attr 'self' 'unsafe-inline'; child-src *.livechatinc.com *.youtube.com *.google.com blob:; upgrade-insecure-requests; report-uri /.netlify/functions/__csp-violations 1
child-src 'self' *.safeframe.googlesyndication.com; form-action 'none'; frame-ancestors 'none'; report-uri https://entertainmentcareers.report-uri.com/r/d/csp/wizard 1
font-src *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://fonts.gstatic.com/ *.fontawesome.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.twitter.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://cdn.omise.co https://www.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.pixriot.com *.storeimaging.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.google-analytics.com https://www.google.com *.twimg.com https://www.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com maps.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io https://cdn.omise.co yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://cdn.omise.co *.pixriot.com *.storeimaging.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://*.gstatic.com *.fontawesome.com *.gstatic.com data: https://*.hotjar.com https://fonts.gstatic.com https://www.tommeetippee.com https://cdn.channelsight.com https://*.cloudfront.net https://*.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.xtento.com https://*.demdex.net https://*.adyen.com https://youtu.be https://pay.google.com https://*.fls.doubleclick.net https://www.paypalobjects.com https://vars.hotjar.com http://www.yotpo.com https://player.vimeo.com/ https://*.googleapis.com/ https://www.facebook.com https://*.cloudiq.com https://optimize.google.com https://widget.trustpilot.com https://*.quiq-cdn.com https://*.pinterest.com https://*.mention-me.com accounts.google.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com https://www.xtento.com cdn.xtento.com *.gstatic.com *.google.co.uk *.google.com https://www.googletagmanager.com https://*.googleapis.com https://services.postcodeanywhere.co.uk https://www.rnengage.com https://*.bing.com https://mgl.sc.omtrdc.net https://cm.everesttech.net https://*.adyen.com https://*.demdex.net/ https://amcglobal.sc.omtrdc.net https://*.widget.custhelp.com https://*.cloudiq.com https://*.pinterest.com https://www.facebook.com https://cdn.cookielaw.org https://*.hotjar.com https://optimize.google.com https://cdn.channelsight.com https://secure.tommeetippee.com https://*.pixriot.com https://www.storeimaging.com https://*.quantcount.com https://*.quantserve.com https://*.clarity.ms https://*.cloudfront.net *.pixriot.com *.storeimaging.com https://site-assets.afterpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.adyen.com *.exponea.com www.xtento.com cdn.xtento.com https://cdn.channelsight.com http://maybo11111.pcapredict.com https://services.postcodeanywhere.co.uk https://polyfill.io https://www.google.com https://www.gstatic.com https://*.googleapis.com https://*.widget.custhelp.com https://*.custhelp.com https://*.rightnowtech.com https://www.rnengage.com https://bat.bing.com https://pay.google.com https://googleads.g.doubleclick.net https://*.newrelic.com https://*.nr-data.net https://*.hotjar.com https://connect.facebook.net https://cdn.cookielaw.org https://*.cloudiq.com https://*.onetrust.com https://*.pinimg.com https://*.paypal.com https://*.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://static.cloudflareinsights.com https://*.quiq-api.com https://*.quiq-cdn.com https://*.pixriot.com https://js.monitor.azure.com https://*.quantcount.com https://*.quantserve.com https://*.clarity.ms https://*.fullstory.com  https://apps.storystream.ai https://www.dwin1.com https://*.px-cloud.net https://*.px-cdn.net https://*.mention-me.com https://cdn.stape.io https://*.klarnaservices.com *.avada.io accounts.google.com https://js.afterpay.com https://*.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ *.fontawesome.com https://services.postcodeanywhere.co.uk https://*.widget.custhelp.com https://www.gstatic.com https://fonts.googleapis.com https://*.googleapis.com/ https://optimize.google.com https://cdn.channelsight.com https://*.cloudfront.net https://www.googletagmanager.com https://*.klarnacdn.net accounts.google.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.exponea.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://*.demdex.net https://bam-cell.nr-data.net https://cdn.cookielaw.org https://amcglobal.sc.omtrdc.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.onetrust.com https://*.pinterest.com https://bat.bing.com https://*.cloudiq.com https://*.paypal.com https://*.googleapis.com https://api.channelsight.com https://*.pixriot.com https://dc.services.visualstudio.com https://*.fullstory.com https://*.clarity.ms https://*.google-analytics.com https://*.px-cloud.net https://*.px-cdn.net https://*.cloudfront.net https://*.nr-data.net https://*.mention-me.com *.dxpapi.com https://*.klarnaservices.com *.pixriot.com *.storeimaging.com https://get.geojs.io *.avada.io accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://secure.tt-staging.com/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.addtoany.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com mcstaging.trainworld.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com *.yotpo.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.addtoany.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.yotpo.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.addtoany.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net *.paypal.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://ws.sharethis.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://use.fontawesome.com https://static.ctctcdn.com https://aacdn.nagich.com https://www.google.com https://www.gstatic.com https://t.sharethis.com https://platform-api.sharethis.com https://www.googletagmanager.com https://www.google-analytics.com https://s3-us-west-2.amazonaws.com https://crm.bloomerang.co https://ajax.aspnetcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://ws.sharethis.com; style-src 'self' https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cloud.typography.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://static.ctctcdn.com https://ws.sharethis.com; frame-ancestors 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: tracker.metricool.com www.google-analytics.com *.facebook.com *.gstatic.com *.facebook.net *.googleapis.com *.doubleclick.net www.googletagmanager.com www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'none'; script-src 'self' 'unsafe-eval' *.googletagmanager.com; worker-src 'self' blob:; script-src-elem 'self' 'unsafe-inline' *.quora.com *.snapchat.com *.visualwebsiteoptimizer.com *.clarity.ms connect.facebook.net *.hicloud.com sc.lfeeder.com *.licdn.com *.intercom.io *.googletagmanager.com *.intercomcdn.com www.google.com cdn.segment.com www.gstatic.com *.google-analytics.com www.redditstatic.com cdn.mxpnl.com d.adroll.com sc-static.net *.ads-twitter.com *.uembed.com *.zdassets.com; script-src-attr 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src-attr 'unsafe-inline'; img-src * 'self' data:; font-src 'self' data: fonts.intercomcdn.com cdn.bayzat.com fonts.gstatic.com static.codat.io; connect-src 'self' *.sentry.io *.hicloud.com *.huawei.com *.redditstatic.com *.dbankcloud.com *.zdassets.com rum.browser-intake-datadoghq.com *.linkedin.com firebaseremoteconfig.googleapis.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io *.google-analytics.com *.google.com api.bayzat.com api.segment.io cdn.linkedin.oribi.io cdn.segment.com *.zendesk.com *.doubleclick.net *.clarity.ms *.snapchat.com; media-src *.intercomcdn.com; frame-src www.google.com *.doubleclick.net *.snapchat.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self'; report-uri https://bayzat.report-uri.com/r/t/csp/wizard; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-GF576wNAt_nUMXAS8I-oSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=d1d43767-c147-46fe-81fe-64d65b18ff17; report-to csp-endpoint; frame-ancestors 'none' 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: localmonero.co a.localmonero.co ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' https: ; worker-src 'self' blob: ; img-src 'self' https://dl.episerver.net/ https://www.googletagmanager.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://cm.g.doubleclick.net/ https://ad.doubleclick.net/  https://adservice.google.com/ https://region1.analytics.google.com/ https://w.usabilla.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google.ca/ads/ga-audiences https://www.google.co.il/ads/ga-audiences  https://www.google.co.in/ads/ga-audiences https://www.google.co.ma/ads/ga-audiences https://www.google.co.za/ads/ga-audiences https://www.google.com.gh/ads/ga-audiences https://www.google.com.gi/ads/ga-audiences https://www.google.com.hk/ads/ga-audiences https://www.google.com.ph/ads/ga-audiences https://www.google.com.pk/ads/ga-audiences https://www.google.com/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.im/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.je/ads/ga-audiences https://www.google.lt/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.pl/ads/ga-audiences https://www.google.se/ads/ga-audiences https://www.google-analytics.com https://www.google.com/ https://www.google.co.uk/ https://cdn.cookielaw.org/ ;script-src  'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.googleoptimize.com/ https://www.google-analytics.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.responsetap.com/ https://dl.episerver.net/ https://cdn.cookielaw.org/ https://script.infinity-tracking.com https://widget.trustpilot.com/ https://api.usabilla.com/  https://app.optimizely.com/ https://cdn.gbqofs.com/mt/nfumutual/ https://cdn3.optimizely.com/ https://cdn.optimizely.com/ https://www.pagespeed-mod.com/ https://az416426.vo.msecnd.net/ https://unpkg.com/web-vitals/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://dl.episerver.net/ ; font-src 'self' https://fonts.gstatic.com/ ; 1
font-src fonts.gstatic.com *.gstatic.com data: fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com cdn.trustami.com widgets.trustedshops.com *.yotpo.com assets.bounceexchange.com events.bouncex.net use.fontawesome.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.cookielaw.org *.facebook.net *.pinimg.com assets.bounceexchange.com events.bouncex.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com track2.trbo.com ad4m.at ad4mat.net pixel.bsmartdata.com bid.g.doubleclick.net secure.pay1.de https://payments.amazon.de *.google.com t.adcell.com googleads.g.doubleclick.net *.google.de *.google.com.de *.facebook.com *.braintreegateway.com *.kaptcha.com *.doubleclick.net calendly.com *.pinterest.com *.authorize.net assets.bounceexchange.com events.bouncex.net *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.feedoptimise.com cdn.feedoptimise.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com hello.zonos.com *.pinterest.com google.com www.google.com.ua cdn.trustami.com *.trbo.com *.google.com *.google.me *.billiger.de bat.bing.com c.bing.com *.googletagmanager.com widgets.trustedshops.com app.usercentrics.eu *.doubleclick.net ad4m.at piwik.seoswisswirtz.ch www.lampenonline.de ih.adscale.de business.trustedshops.de *.adform.net *.cloudfront.net cdn.klarna.com https://payments.amazon.de marketing.net.idealopartner.com billiger.de t.adcell.com www.gstatic.com *.google.de *.google.com.de *.adition.com *.magentocommerce.com *.clarity.ms e.cdnwidget.com assets.bounceexchange.com events.bouncex.net media.sailthru.com cdn.cookielaw.org *.cdninstagram.com *.fbcdn.net api.bounceexchange.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.feedoptimise.com cdn.feedoptimise.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.googletagmanager.com t.adcell.com rns.matelso.de *.google-analytics.com www.gstatic.com googleads.g.doubleclick.net cdn.trustami.com widgets.trustedshops.com static.trbo.com piwik.seoswisswirtz.ch app.usercentrics.eu www.adcell.de app.trustami.com bat.bing.com www.billiger.de api.trbo.com ad4m.at *.adform.net www.ad4mat.de r.df-srv.de *.payments-amazon.com https://payments.amazon.de cdn.klarna.com secure.pay1.de *.jquery.com hello.zonos.com *.sail-horizon.com *.pinimg.com *.pingdom.net *.iglobalstores.com *.pinterest.com *.newrelic.com *.nr-data.net *.calendly.com *.cookielaw.org *.adobedtm.com *.onetrust.com *.clarity.ms cdn.attn.tv assets.bounceexchange.com events.bouncex.net js.go2sdk.com https://www.googletagmanager.com tagmanager.google.com ajax.googleapis.com *.instagram.com tag.wknd.ai api.bounceexchange.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com cdn.trustami.com https://payments.amazon.de assets.bounceexchange.com events.bouncex.net tagmanager.google.com *.yotpo.com swellrewards.com *.swellrewards.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com hello.zonos.com *.pinterest.com *.sail-personalize.com *.pingdom.net api.usercentrics.eu rns.matelso.de graphql.usercentrics.eu *.amazon.com *.criteo.com https://payments.amazon.de *.googletagmanager.com *.doubleclick.net t.adcell.com *.trustedshops.com *.etrusted.com *.sail-track.com *.nr-data.net *.cookielaw.org *.clarity.ms geolocation.onetrust.com data.cdnbasket.net page.cdnbasket.net view.cdnbasket.net ids.cdnwidget.com privacyportal.onetrust.com maps.googleapis.com image.cdnbasket.net events.attentivemobile.com assets.bounceexchange.com events.bouncex.net ss.chilewich.com *.analytics.google.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.candid-io.site44.com *.typekit.net data: https://fonts.googleapis.com *.hotjar.com *.digitalgenius.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://ct.pinterest.com 'self' javascript: *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.dotdigital-pages.com *.dotdigital.com magento-cloudflare.jetrails.com www.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.getcandid.com *.vimeo.com *.zohopublic.com *.candid-io.site44.com *.googleapis.com *.hotjar.com *.pinterest.com https://connect.chargelogic.com https://www.google.com https://eazyform.app *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com ct.pinterest.com *.ytimg.com *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hubspotusercontent-na1.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twimg.com *.getcandid.com *.azureedge.net *.arteriorshome.com *.cdninstagram.com *.candid.io https://forms.hsforms.com https://forms-na1.hsforms.com https://candid-io.site44.com https://bam.nr-data.net https://track.hubspot.com https://lite-vimeo-embed.now.sh https://lite-vimeo-embed.vercel.app *.userway.org *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.apptrian.com www.pinterest.com s.pinimg.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klevu.com *.ksearchnet.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.google-analytics.com *.google.com *.typekit.net *.fontawesome.com *.hsforms.net *.hsforms.com *.nr-data.net *.newrelic.com *.getcandid.com *.netdna-ssl.com *.jquery.com *.candid-io.site44.com *.hotjar.com https://maxcdn.bootstrapcdn.com *.digitalgenius.com https://cdn.jsdelivr.net https://eazyform.app https://js.hs-scripts.com *.hscollectedforms.net *.noibu.com *.pingdom.net https://js.hs-analytics.net https://js.hs-banner.com https://rum-static.pingdom.net https://cdn.noibu.com/collect.js https://arteriors.atlassian.net http://unpkg.com *.userway.org *.pinterest.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.klevu.com *.ksearchnet.com *.hotjar.com *.cloudflare.com *.googleapis.com *.twimg.com *.gstatic.com *.typekit.net *.getcandid.com *.fontawesome.com *.candid-io.site44.com data: *.userway.org tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com ct.pinterest.com https://www.arteriorshome.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com ct.pinterest.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.candid-io.site44.com *.nr-data.net *.hsforms.net *.hsforms.com *.azureedge.net *.getcandid.com *.hotjar.com *.js.hs-banner.com *.noibu.com *.pingdom.net *.hscollectedforms.net wss://input.noibu.com *.dgdeepai.com *.userway.org *.google-analytics.com analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://7ee2a4f517b54c13812e54076aefcb7d.myssl-uri.com/api/csp-report 1
script-src 'self' https: 'unsafe-inline' 1
font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.lamaisonduchocolat.com *.avis-verifies.com/ *.vimeocdn.com *.vimeo.com *.reetags.com *.weltpixel.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com *.lamaisonduchocolat.com *.vimeo.com *.paypal.com *.gstatic.com *.analytics.google.com reetags.com *.linkedin.com https://images.unsplash.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.lamaisonduchocolat.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.gstatic.com *.google.com *.paypal.com *.braintreegateway.com *.cardinalcommerce.com *.reetags.com *.privacy-center.org js.aploze.com *.jsdelivr.net snap.licdn.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.lamaisonduchocolat.com *.reetags.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.lamaisonduchocolat.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.lamaisonduchocolat.com *.googleapis.com *.analytics.google.com *.reetags.com *.linkedin.com *.privacy-center.org https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.gollog.com.br static.zdassets.com www.googletagmanager.com *.voegol.com.br rs.fullstory.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src https://fonts.gstatic.com https://use.fontawesome.com https://cdn.nlpg.com https://cdn.masterbooks.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.youtu.be *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.youtu.be *.img.youtube.com *.trackedlink.net https://www.facebook.com https://online.flippingbook.com https://*.cloudfront.net https://*.masterbooks.com https://*.nlpg.com *.google.com.ar *.google.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com flagpedia.net *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://cdn.noibu.com https://cdn.jsdelivr.net https://connect.facebook.net https://static.zdassets.com https://online.flippingbook.com https://*.cloudfront.net https://cdn.nlpg.com https://cdn.masterbooks.com *.googletagmanager.com *.google.com app.viralsweep.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com *.gstatic.com maps.googleapis.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://use.fontawesome.com https://cdn.nlpg.com https://cdn.masterbooks.com *.googletagmanager.com *.googleapis.com unsafe-inline assets.braintreegateway.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.youtube.com *.youtu.be *.img.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://ekr.zdassets.com https://fbo-b.flippingbook.com https://nlpg.zendesk.com wss://input.noibu.com *.noibu.com *.doubleclick.net https://cdn.nlpg.com https://cdn.masterbooks.com https://www.google.com.ar https://www.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://53272415-ac62-4480-bded-0011a34ac7cd.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com data: *.facebook.com *.onetrust.com *.cookielaw.org *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ data: *.google.com *.addthis.com *.tagembed.com *.flipsnack.com *.facebook.com bt.signifyd.com:11103 *.walls.io *.onetrust.com *.cookielaw.org *.equalada-api.herokuapp.com *.herokuapp.com *.doubleclick.net maps.googleapis.com chart.googleapis.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com *.cardinalcommerce.com *.facebook.com *.google.com www.google.co.in mcusercontent.com *.onetrust.com *.cookielaw.org https://img.youtube.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com data: *.cardinalcommerce.com *.facebook.net *.zassets.com static.zdassets.com *.google.com walls.io *.g.doubleclick.net *.moatads.com *.addthisedge.com *.addthis.com *.tagembed.com *.ccdc02.com chimpstatic.com *.authorize.net mc.us5.list-manage.com *.mailchimp.com *.zopim.com *.onetrust.com *.cookielaw.org *.hotjar.com *.smartlook.com maps.googleapis.com chart.googleapis.com s7.addthis.com *.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com data: *.mailchimp.com *.onetrust.com *.cookielaw.org maxcdn.bootstrapcdn.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com data: *.zdassets.com *.onetrust.com *.cookielaw.org 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com data: wss: *.zendesk.com *.zopim.com widget-mediator.zopim.com stats.g.doubleclick.net bam-cell.nr-data.net *.authorize.net bt.signifyd.com:11103 *.onetrust.com *.cookielaw.org bam.nr-data.net vc.hotjar.io maps.googleapis.com chart.googleapis.com ekr.zdassets.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-UHNw_1OQ3w-dei3F-si2fA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' chrome-extension: https://mc.yandex.ru 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://mc.yandex.ru chrome-extension: https://mc.yandex.md https://mc.yandex.com; object-src 'self'; report-uri /cspreportonly; 1
object-src 'none';base-uri 'self';script-src 'nonce-o8d-H0K6_YsO-Oyq5YalNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.2mdn.net *.mailchimp.com www.google.es *.doubleclick.net *.facebook.net www.googletagservices.com *.googlesyndication.com chimpstatic.com *.gstatic.com *.twitter.com region1.analytics.google.com analytics.google.com www.googletagmanager.com www.once.es *.googleapis.com t.co www.google-analytics.com cdn.iterwebcms.com tracker.metricool.com *.tiktok.com www.youtube.com *.facebook.com mas.protecmedia.com mcusercontent.com *.list-manage.com *.ads-twitter.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-8KapBqCJU2wX9HidVqhNdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xUlltaQqC70LC-RmGxF9mw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-GCVINwYe82ceCmQ4kIJI0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net use.typekit.net *.adobe.com analytics.google.com cdn.weglot.com tags.w55c.net *.doubleclick.net cdn.sanity.io www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://measurement-api.criteo.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.teads.tv https://sync.cootlogix.com https://sync.cenarius.orangeclickmedia.com https://dsum-sec.casalemedia.com https://stats.g.doubleclick.net https://sync.aralego.com *.hoang-phuc.com https://tags.creativecdn.com/ https://script.crazyegg.com/ https://dynamic.criteo.com/ https://analytics.tiktok.com/ https://sslwidget.criteo.com/ https://asia.creativecdn.com/ https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://csync.loopme.me/ https://cm.mgid.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://adgen.socdm.com/ https://tg.socdm.com/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://s.ad.smaato.net/ https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://hb.yahoo.net/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://usersync.gumgum.com/ https://t.adx.opera.com/ https://ad.tpmn.co.kr/ https://bh.contextweb.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://online-gateway.ghn.vn/ *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://measurement-api.criteo.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.teads.tv https://sync.cootlogix.com https://sync.cenarius.orangeclickmedia.com https://dsum-sec.casalemedia.com https://sync.aralego.com *.hoang-phuc.com https://tags.creativecdn.com/ https://script.crazyegg.com/ https://dynamic.criteo.com/ https://analytics.tiktok.com/ https://sslwidget.criteo.com/ https://asia.creativecdn.com/ https://www.google.com https://analytics.google.com/ https://stats.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net/ https://fonts.gstatic.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://csync.loopme.me/ https://cm.mgid.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://adgen.socdm.com/ https://tg.socdm.com/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://s.ad.smaato.net/ https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://hb.yahoo.net/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://usersync.gumgum.com/ https://t.adx.opera.com/ https://ad.tpmn.co.kr/ https://bh.contextweb.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://online-gateway.ghn.vn/ https://www.facebook.com/ *.facebook.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://measurement-api.criteo.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.teads.tv https://sync.cootlogix.com https://sync.cenarius.orangeclickmedia.com https://dsum-sec.casalemedia.com https://sync.aralego.com *.hoang-phuc.com https://hpi.izysync.com/media/ https://tags.creativecdn.com/ https://script.crazyegg.com/ https://dynamic.criteo.com/ https://analytics.tiktok.com/ https://sslwidget.criteo.com/ https://asia.creativecdn.com/ https://www.google.com https://analytics.google.com/ https://stats.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net/ https://fonts.gstatic.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://csync.loopme.me/ https://cm.mgid.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://adgen.socdm.com/ https://tg.socdm.com/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://s.ad.smaato.net/ https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://hb.yahoo.net/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://usersync.gumgum.com/ https://t.adx.opera.com/ https://ad.tpmn.co.kr/ https://bh.contextweb.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://online-gateway.ghn.vn/ https://www.facebook.com/ *.facebook.net www.google.com.vn www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com s7.addthis.com *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://measurement-api.criteo.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.teads.tv https://sync.cootlogix.com https://sync.cenarius.orangeclickmedia.com https://dsum-sec.casalemedia.com https://sync.aralego.com *.hoang-phuc.com https://za.zdn.vn/ https://tags.creativecdn.com/ https://script.crazyegg.com/ https://dynamic.criteo.com/ https://analytics.tiktok.com/ https://sslwidget.criteo.com/ https://asia.creativecdn.com/ https://www.google.com https://analytics.google.com/ https://stats.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net/ https://fonts.gstatic.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://csync.loopme.me/ https://cm.mgid.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://adgen.socdm.com/ https://tg.socdm.com/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://s.ad.smaato.net/ https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://hb.yahoo.net/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://usersync.gumgum.com/ https://t.adx.opera.com/ https://ad.tpmn.co.kr/ https://bh.contextweb.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://online-gateway.ghn.vn/ www.google.com https://www.facebook.com/ *.facebook.net cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://measurement-api.criteo.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.teads.tv https://sync.cootlogix.com https://sync.cenarius.orangeclickmedia.com https://dsum-sec.casalemedia.com https://stats.g.doubleclick.net https://sync.aralego.com *.hoang-phuc.com https://tags.creativecdn.com/ https://script.crazyegg.com/ https://dynamic.criteo.com/ https://analytics.tiktok.com/ https://sslwidget.criteo.com/ https://asia.creativecdn.com/ https://www.googletagmanager.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://csync.loopme.me/ https://cm.mgid.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://adgen.socdm.com/ https://tg.socdm.com/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://s.ad.smaato.net/ https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://hb.yahoo.net/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://usersync.gumgum.com/ https://t.adx.opera.com/ https://ad.tpmn.co.kr/ https://bh.contextweb.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://online-gateway.ghn.vn/ fonts.gstatic.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net vimeo.com api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://www.sandbox.paypal.com https://www.paypal.com ekr.zdassets.com/ *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://measurement-api.criteo.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.teads.tv https://sync.cootlogix.com https://sync.cenarius.orangeclickmedia.com https://dsum-sec.casalemedia.com https://sync.aralego.com *.hoang-phuc.com https://za.zalo.me/ https://delivery-cloud.cdp.asia/interaction/ https://tags.creativecdn.com/ https://script.crazyegg.com/ https://dynamic.criteo.com/ https://analytics.tiktok.com/ https://sslwidget.criteo.com/ https://asia.creativecdn.com/ https://www.google.com https://analytics.google.com/ https://stats.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net/ https://fonts.gstatic.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://csync.loopme.me/ https://cm.mgid.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://adgen.socdm.com/ https://tg.socdm.com/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://s.ad.smaato.net/ https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://hb.yahoo.net/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://usersync.gumgum.com/ https://t.adx.opera.com/ https://ad.tpmn.co.kr/ https://bh.contextweb.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://online-gateway.ghn.vn/ https://www.facebook.com/ *.facebook.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-IUCtuNFJqW1-otif9da7XQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com 'self' data: *.fontawesome.com *.bootstrapcdn.com *.punchout2go.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.salesforce.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; frame-ancestors *.schoolhealth.com mcstaging2.schoolhealth.com/ portal.punchout2go.com qa-portal.punchout2go.com dev-portal.punchout2go.com sapportal.ocps.net sapportalqap.ocps.net shop.equallevel.com *.punchout2go.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.sharethis.com https://static.addtoany.com/ *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.schoolhealth.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: blob: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.gstatic.com *.googleapis.com *.b0e8.com *.cenpos.net *.cenpos.com https://images.unsplash.com https://*.asknice.ly *.schoolhealth.com  *.chartbeat.com *.chartbeat.net *.pages03.net *.unbxdapi.com *.punchout2go.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.sharethis.com https://static.addtoany.com/ *.googleapis.com *.gstatic.com *.b0e8.com *.bc0a.com *.cenpos.com *.cenpos.net *.google.com *.cardinalcommerce.com https://static.asknice.ly ssl.google-analytics.com *.cloudfront.net *.cloudflare.com *.pages03.net *.addtoany.com *.chartbeat.com *.punchout2go.com *.unbxdapi.com *.unbxd.com *.unbxd.io data: *.tradecentric.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.fontawesome.com https://static.asknice.ly *.bootstrapcdn.com *.punchout2go.com *.googleapis.com *.unbxdapi.com *.unbxd.com *.unbxd.io *.tradecentric.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net api.magento.com *.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com https://stats.addtoany.com/menu *.googleapis.com https://*.asknice.ly *.doubleclick.net *.demdex.net *.punchout2go.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://firestore.googleapis.com http://s34573.pcdn.co https://s34573.pcdn.co https://website-gateway.meisterplan.com https://*.calendly.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://api.hsforms.com https://maps.googleapis.com *.addsearch.com https://*.google.com https://*.gstatic.com https://website-gateway.meisterplan.io https://emea-en.meisterplan.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com *.doubleclick.net www.googleoptimize.com snap.licdn.com static.ads-twitter.com connect.facebook.net bat.bing.com *.clarity.ms https://*.sentry.io https://cdn.linkedin.oribi.io *.twitter.com *.facebook.com *.linkedin.com https://fp.meisterplan.com https://www.google.de; default-src 'self' data: http://s34573.pcdn.co https://s34573.pcdn.co; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://s34573.pcdn.co https://s34573.pcdn.co https://*.calendly.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://api.hsforms.com https://maps.googleapis.com *.addsearch.com 'unsafe-eval' https://*.google.com https://*.gstatic.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com *.doubleclick.net www.googleoptimize.com snap.licdn.com static.ads-twitter.com connect.facebook.net bat.bing.com *.clarity.ms translate.googleapis.com https://dev.visualwebsiteoptimizer.com https://fpjscdn.net https://fp.meisterplan.com; style-src https: 'unsafe-inline'; img-src https: data: *.doubleclick.net *.twitter.com; media-src https: data:; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://calendly.com https://www.youtube.com https://www.youtube-nocookie.com *.doubleclick.net https://www.google.com https://*.tourial.com https://giphy.com *.facebook.com; report-uri https://meisterplan.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com abstract.cadmiumcd.com abs.gocadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com abstract.cadmiumcd.com abs.gocadmium.com; report-uri /csp-violation-report-endpoint/ 1
script-src 'self' https: https://www.google-analytics.com https://cdn.amplitude.com 'unsafe-eval' 'unsafe-inline' data: 'nonce-jwUTNFI1KDpWBKBRk0hZsg=='; worker-src blob: data:; report-uri https://us.sentry.io/api/4506690010480640/security/?sentry_key=aab2498373841041d6b48d721aefbdc1&sentry_environment=production&sentry_release=17a9342b72cbc5a23d29ea3ccfa97e5e11121a00 1
default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.pcipal.cloud https://*.stripe.com/ blob:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.pcipal.cloud https://www.google.com  accounts.google.com https://www.google.com/recaptcha/  www.gstatic.com/recaptcha/ https://fonts.googleapis.com/css2 *.walkme.com https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.cardinalcommerce.com/ https://*.stripe.com/ blob:; frame-src * data: 'report-sample'; style-src 'self' 'unsafe-inline' *.walkme.com; report-uri https://pcipal.report-uri.com/r/d/csp/reportOnly; connect-src 'self' wss://pcipal.cloud wss://*.pcipal.cloud https://*.pcipal.cloud:* *.walkme.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com/stag/log https://*.apm.eu-west-1.aws.found.io:* https://*.cardinalcommerce.com/ https://pcipal.report-uri.com/ https://*.stripe.com/; font-src * data:; object-src 'none'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.stamped.io *.yotpo.com *.googleapis.com *.gstatic.com www.highpointscientific.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com www.highpointscientific.com 'self' 'unsafe-inline'; frame-ancestors www.highpointscientific.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.refersion.com *.livechatinc.com *.braintreegateway.com *.kaptcha.com www.paypalobjects.com *.affirm.com www.xtento.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com www.highpointscientific.com form.123formbuilder.com s7.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bird.eu *.getbread.com *.breadpayments.com *.rbcpayplan.com maps.gstatic.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com www.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://helloextend-static-assets.s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://img.youtube.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com *.cloudfront.net *.stamped.io *.amazonaws.com *.userway.org verify.authorize.net scontent.cdninstagram.com *.affirm.com *.routeapp.io *.searchspring.net *.bing.com *.zonos.com www.xtento.com cdn.xtento.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net www.highpointscientific.com kdzs54.a.searchspring.io phosphor.utils.elfsightcdn.com www.highpointscientific.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com f.vimeocdn.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.googleapis.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com static.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn.routeapp.io fonts.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.refersion.com maps.googleapis.com maps.gstatic.com www.google.com https://translate.google.com translate.googleapis.com www.gstatic.com includes.ccdc02.com cdn.inspectlet.com *.stamped.io *.livechatinc.com *.userway.org www.klarnapayments.com *.affirm.com *.routeapp.io *.searchspring.net *.bing.com *.zonos.com www.xtento.com cdn.xtento.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com www.highpointscientific.com apps.elfsight.com m.addthis.com static.elfsight.com v1.addthisedge.com www.highpointscientific.com z.moatads.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net https://fonts.googleapis.com https://static.klaviyo.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.stamped.io www.klarnapayments.com *.searchspring.net *.yotpo.com www.highpointscientific.com 'self' 'unsafe-inline'; object-src www.highpointscientific.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ static.zdassets.com www.highpointscientific.com 'self' 'unsafe-inline'; manifest-src www.highpointscientific.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.googleapis.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net ekr.zdassets.com *.hotjar.com *.hotjar.io wss://widget-mediator.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.route.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.refersion.com *.authorize.net hn.inspectlet.com stamped.io *.braintreegateway.com *.livechatinc.com *.userway.org graph.instagram.com *.affirm.com *.route.com *.klaviyo.com *.searchspring.io *.zonos.com *.yotpo.com https://imgs.signifyd.com www.highpointscientific.com apps.elfsight.com helloextend-static-assets.s3.amazonaws.com storage.elfsight.com m.addthis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.highpointscientific.com http: https: blob: 'self' 'unsafe-inline'; default-src www.highpointscientific.com checkout.getbread.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.highpointscientific.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ccavenue.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.ccavenue.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.ccavenue.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.ccavenue.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.ccavenue.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-RhWbCFusrF-honNkDM0_9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-AfrmAySySGq6qKII-8j0xA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: *.cloudmaestro.com backend.yoogiscloset.com frontend.yoogiscloset.com js-agent.newrelic.com *.nr-data.net backend.yoogiscloset.com frontend.yoogiscloset.com www.yoogiscloset.com xdymhcopnh.execute-api.us-east-1.amazonaws.com knrpc.olark.com www.googletagmanager.com www.googleadservices.com ajax.googleapis.com apis.google.com connect.facebook.net static.olark.com *.google-analytics.com *.listrakbi.com *.static.olark.com *.affirm.com *.firebaseapp.com *.lightwidget.com *.adroll.com *.bing.com *.doubleclick.net *.trustpilot.com storage.googleapis.com api.olark.com *.googleapis.com *.sharethis.com *.clarity.ms www.clarity.ms *.api.olark.com www.google.com connect.facebook.com www.facebook.com *.paypal.com *.paypalobjects.com www.recaptcha.net www.gstatic.com accounts.google.com; report-uri /.webscale/csp-report 1
object-src 'none'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://api.mapbox.com https://api.tiles.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://service.force.com https://static.landbot.io https://www.google.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://snap.licdn.com https://static.hotjar.com https://cdn.pagesense.io https://tag.lexer.io http://cdn.taboola.com https://trc.taboola.com https://script.hotjar.com https://www.clarity.ms https://js-agent.newrelic.com https://bam.nr-data.net https://js.adsrvr.org https://cdn.cookielaw.org https://api.mapbox.com https://api.tiles.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://service.force.com https://static.landbot.io https://www.google.com; style-src 'self' 'unsafe-inline' https://cdn.landbot.io  https://api.mapbox.com https://api.tiles.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com platform.twitter.com *.weltpixel.com www.xtento.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net *.doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com *.newrelic.com nr-data.net *.nr-data.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.gstatic.com www.xtento.com cdn.xtento.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net *.doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com *.newrelic.com nr-data.net *.nr-data.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net twitter.com platform.twitter.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.maxmind.com www.xtento.com cdn.xtento.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net *.doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com nr-data.net stripe.com *.stripe.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com tagmanager.google.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googletagmanager.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com *.mmapiws.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net *.doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-_XW2URvFsuDnzf2uq1mLzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' blob: wss: data: https:; img-src 'self' data: blob: https: android-webview-video-poster android-webview https://assets.badenova.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: https://www.googletagmanager.com https://connect.facebook.net; script-src-elem 'self' 'unsafe-inline' https: https://cdn.tagcommander.com https://connect.facebook.net https://widgets.trustedshops.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://static.badenova.de; connect-src 'self' wss: https:; style-src 'self' 'unsafe-inline' data: https:; frame-src 'self' data: https:; report-uri https://o569815.ingest.sentry.io/api/5716003/security/?sentry_key=ba1ca883ccf34f2db27be1ed29aedfa3 1
object-src 'none';base-uri 'self';script-src 'nonce-k90HC_306MP9PprHelLokw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ws.generali.rs fast.fonts.net *.doubleclick.net *.facebook.net *.googleapis.com *.gstatic.com media.dynamiclife.online region1.analytics.google.com analytics.google.com www.googletagmanager.com www.google.rs *.salesforceliveagent.com *.facebook.com *.force.com generali-agent-banner.newscred.com adservice.google.com *.googleadservices.com www.google.com analytics.newscred.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.co.uk ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.co.uk *.spreadshirt.co.uk ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.co.uk ; font-src 'self' https: data: *.spreadshirt.co.uk ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.co.uk ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.co.uk ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com *.cloudfront.net *.everesttech.net static.addtoany.com *.doubleclick.net *.omtrdc.net www.googletagmanager.com *.googleapis.com cdnjs.cloudflare.com *.googleadservices.com *.demdex.net adservice.google.com www.google-analytics.com www.heromotos.mx ssl.google-analytics.com *.gstatic.com assets.adobedtm.com *.facebook.net www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.googleapis.com *.gstatic.com 'self' data: fonts.gstatic.com *.cloudmaestro.com *.punchout2go.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.authorize.net *.punchout2go.com 'self' data: *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.punchout2go.com 'self' data: 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.doubleclick.net *.punchout2go.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com www.googletagmanager.com www.google.com *.cloudmaestro.com *.doubleclick.net *.scene7.com *.bakerdist.com bam.nr-data.net *.punchout2go.com store.paradoxlabs.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdnjs.cloudflare.com unpkg.com *.onetrust.com cdn.cookielaw.org maps.googleapis.com *.punchout2go.com *.tradecentric.com cdn.polyfill.io *.cloudmaestro.com js-agent.newrelic.com bam.nr-data.net *.authorize.net *.bakerdist.com static.zdassets.com cdn.rudderlabs.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdnjs.cloudflare.com *.cloudmaestro.com *.punchout2go.com *.tradecentric.com *.bakerdist.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.punchout2go.com *.tradecentric.com *.buyerquest.net bam.nr-data.net 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.googleapis.com *.bakerdist.com bam.nr-data.net *.authorize.net cdn.cookielaw.org *.scene7.com lkx760tcl7.execute-api.us-east-1.amazonaws.com www.facebook.com wss://widget-mediator.zopim.com static.cloudflareinsights.com bakerdist.zendesk.com ekr.zdassets.com bkuatdmbogssdi.dataplane.rudderstack.com api.rudderstack.com geolocation.onetrust.com privacyportal.onetrust.com *.punchout2go.com *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.cloudflare.com *.eesa.lh; font-src use.fontawesome.com 'self'; frame-src www.youtube.com www.google.com; img-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; object-src 'none'; script-src 'self' www.googletagmanager.com *.cloudflare.com *.google.com 'strict-dynamic' 'unsafe-inline' 'nonce-L/Zls19yKQ05rJRhFoJl1A=='; style-src 'self' use.fontawesome.com *.cloudflare.com 'unsafe-inline' 'nonce-L/Zls19yKQ05rJRhFoJl1A=='; report-uri /csp/report 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-inline' chrome-extension: https://www.google.com https://yastatic.net https://www.googletagmanager.com https://connect.facebook.net https://mc.yandex.ru https://www.google-analytics.com https://dataservice.accuweather.com https://api-maps.yandex.ru https://www.gstatic.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://www.facebook.com chrome-extension: https://mc.yandex.ru https://td.doubleclick.net https://www.googletagmanager.com https://mc.yandex.com; object-src 'self'; report-uri /cspreportonly; 1
object-src 'none';base-uri 'self';script-src 'nonce-J9tl4Bx7wvo6u59GHu5EvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
child-src 'self'; connect-src 'self' geolocation.onetrust.com; default-src 'self'; font-src 'self'; form-action edeliverysso.metavante.com retailonline.fiservapps.com www.providentolb.com; frame-src 'self' www.providentolb.com; img-src assets.juicer.io s97097.t.eloqua.com ssl.google-analytics.com tracking.go.provident.bank www.juicer.io; manifest-src 'self'; script-src self www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.youtube.com; style-src-elem assets.juicer.io fonts.googleapis.com; style-src assets.juicer.io fonts.googleapis.com self; report-uri https://mschosting.report-uri.com/r/t/csp/wizard 1
frame-ancestors 'self' https://s.brightspace.com https://*.ally.ac https://leaplti.desire2learn.com/ https://leaplti-fr.brightspace.com/ https://tryleap.brightspace.com/ https://leaplti-es.desire2learn.com/ https://leaplti-ptbr.desire2learn.com/ https://leaplti-us.brightspace.com/ https://leaplti-apac.brightspace.com/ https://leaplti-emea.brightspace.com/ https://leapqa.net https://leaplti-ap.brightspace.com https://login.microsoftonline.com/ https://login.live.com/ https://cdn.lcs.brightspace.com/ https://leaplti-in.brightspace.com; report-uri https://logger.us-east-1.logging.brightspace.com/log/csp/Rn2c7qxXc4nuimXn3cC3QgAAAZDsg_FC 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; object-src 'self' blob:; font-src https: data:; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-617NYOht2Nbum0sz20m9mw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-FDTeIQSmER-zerjJG3hdFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri *.wein.plus;connect-src *.wein.plus *.googleapis.com;child-src *.wein.plus;default-src 'none';media-src *.wein.plus;form-action *.wein.plus;img-src *.wein.plus data:;font-src *.wein.plus data: *.gstatic.com;manifest-src *.wein.plus;style-src *.wein.plus 'self' 'unsafe-inline';style-src-elem *.wein.plus 'unsafe-inline';script-src *.wein.plus 'self' 'unsafe-inline' *.etracker.com;script-src-elem *.wein.plus 'unsafe-inline' *.etracker.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: a.tiles.mapquest.com *.optimizely.com api.hertz.com code.jquery.com api-s.mqcdn.com www.hertz.de apis.google.com *.cloudfront.net assets.mapquestapi.com api.mqcdn.com www.google-analytics.com www.googletagmanager.com *.clarity.ms cdn-prod.eu.securiti.ai t.contentsquare.net q-aeu1.contentsquare.net www.hertzpageo.com c.contentsquare.net images.hertz.com *.gstatic.com www.google.com *.salesforceliveagent.com *.googleapis.com www.google.de attribution.aws.mapquest.com *.facebook.com images2.hertz.com ecom.mss.hertz.io cdn.jsdelivr.net *.googlesyndication.com *.googleadservices.com k-aeu1.contentsquare.net app.eu.securiti.ai www.mapquestapi.com region1.analytics.google.com *.visualwebsiteoptimizer.com www.googletagservices.com use.fontawesome.com *.facebook.net ssl.google-analytics.com unpkg.com www.googleoptimize.com bat.bing.com cdn.polyfill.io cdnjs.cloudflare.com js.stripe.com *.force.com loc.hertz.com apiprod.hertz.com *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.thuis.nl *.test.paysafe.com *.cloudflare.com cdn.pushcrew.com *.ingest.sentry.io *.paysafe.com *.google.com *.google.nl *.google.sr *.google.be *.google.gr *.google.fr *.google-analytics.com stats.g.doubleclick.net *.doubleclick.net *.slack-edge.com *.googletagmanager.com analytics.sensemakers.nl *.hotjar.com *.hotjar.io; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://*.thuis.nl/ wss://ws.hotjar.com/ stats.g.doubleclick.net *.ingest.sentry.io analytics.sensemakers.nl *.google.com *.google.nl *.google.sr *.google.be *.google.gr *.google.fr *.analytics.google.com stats.g.doubleclick.net *.hotjar.io *.hotjar.com *.test.paysafe.com *.paysafe.com *.thuis.nl *.google-analytics.com; img-src * 'self' data: https: blob: https; font-src * 'self' data:; report-uri https://analytics.sensemakers.nl/csp/ 1
default-src https: wss://ws.tsarvar.com wss://wst.tsarvar.com; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-99ad2ffb89b84d849ec815c9e2c94bca' https://myhealthchart.com 'self';img-src https://* 'self' blob: data:;style-src https://myhealthchart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com *.feedaty.com *.erickson.it http://risorseonline.erickson.it *.salesmanago.com cdn.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com *.feedaty.com *.iubenda.com *.acsbapp.com *.salesmanago.com *.erickson.it *.zdassets.com cdn.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.feedaty.com *.doofinder.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.googleapis.com *.feedaty.com *.doubleclick.net *.scalapay.com *.erickson.it *.acsbapp.com *.zdassets.com *.iubenda.com *.doofinder.com wss://*.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.lgfl.net api.hubapi.com api.userway.org bam.nr-data.net cdn.jsdelivr.net cdn.userway.org connect.facebook.net d8ejoa1fys2rk.cloudfront.net fonts.gstatic.com googleads.g.doubleclick.net www.google-analytics.com www.googletagmanager.com/gtag/js *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hscta.net *.hs-scripts.com *.hubspot.com *.newrelic.com unpkg.com www.youtube.com; report-uri /report-csp-violation 1
default-src 'self' bwia.okta.com bwlogin.iaproducers.com *.oktacdn.com; connect-src 'self' bwia.okta.com bwia-admin.okta.com bwlogin.iaproducers.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com bwia.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' bwia.okta.com bwlogin.iaproducers.com *.oktacdn.com; style-src 'unsafe-inline' 'self' bwia.okta.com bwlogin.iaproducers.com *.oktacdn.com; frame-src 'self' bwia.okta.com bwia-admin.okta.com bwlogin.iaproducers.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' bwia.okta.com bwlogin.iaproducers.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' bwia.okta.com bwlogin.iaproducers.com data: *.oktacdn.com fonts.gstatic.com 1
font-src fonts.gstatic.com use.typekit.net *.squarecdn.com *.googleapis.com *.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com www.google.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.googleapis.com *.gstatic.com *.trackedlink.net https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://sdk.giftflick.com.au/ https://cdn.giftflick.com.au/ https://gf-cdn.s3-ap-southeast-2.amazonaws.com/ *.clarity.ms *.google.com https://c.bing.com/ *.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://player.vimeo.com/ https://www.giftflick.com.au/ https://sdk.giftflick.com.au/ *.creativecdn.com https://s.pinimg.com/ *.pinterest.com *.clarity.ms https://dusk-455267821617990643-help.freshchat.com/ https://analytics.tiktok.com/ https://connect.facebook.net/ *.wisernotify.com t.cfjump.com *.dusk.com.au 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://sdk.giftflick.com.au/ https://dusk-455267821617990643-help.freshchat.com/ *.wisernotify.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://cdn.giftflick.com.au/ https://videos-demo.giftflick.com.au/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.giftflick.com.au/ https://api-demo.giftflick.com.au/ https://api.giftflick.com.au/ *.creativecdn.com *.pinterest.com *.clarity.ms https://analytics.tiktok.com/ *.google.com *.wisermapp.com *.azurewebsites.net *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.typekit.net *.hotjar.com *.audioeye.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.weltpixel.com https://www.gstatic.com/ https://plumrocket.com *.authorize.net https://*.online-metrix.net https://imgs.signifyd.com *.doubleclick.net *.leasestation.com *.kaptcha.com *.google.com *.google.co.in *.networkmerchants.com *.paypalobjects.com *.cdn-btsg.com *.audioeye.com *.milwaukeetool.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com www.apptrian.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com store.paradoxlabs.com https://redchamps.com https://imgs.signifyd.com https://*.online-metrix.net *.ohiopowertool.com https://seal-centralohio.bbb.org *.google.com *.google.co.in *.bing.com *.clarity.ms *.amazonaws.com *.shareasale.com *.nexmart.com *.noibu.com *.cdn-btsg.com *.quickspark.com *.bazaarvoice.com https://arttrk.com/ *.hotjar.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com tagmanager.google.com *.authorize.net sandbox-assets.secure.checkout.visa.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://www.dwin1.com https://seal-centralohio.bbb.org *.bing.com *.quickspark.com *.doubleclick.net *.clarity.ms *.nr-data.net *.newrelic.com *.google.com *.networkmerchants.com *.milwaukeetool.com *.noibu.com *.cdn-btsg.com *.pricespider.com *.hotjar.com *.audioeye.com *.impactcdn.com *.online-metrix.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com unsafe-inline assets.braintreegateway.com display.ugc.bazaarvoice.com downloads.mailchimp.com tagmanager.google.com fonts.google.com *.mailchimp.com *.bootstrapcdn.com *.quickspark.com *.networkmerchants.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com www.apptrian.com *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.authorize.net https://imgs.signifyd.com *.doubleclick.net *.clarity.ms *.nr-data.net *.networkmerchants.com *.bing.com *.noibu.com wss://*.noibu.com *.cdn-btsg.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.audioeye.com *.sjv.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com strict-dynamic http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline *.googleapis.com *.gstatic.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; report-uri https://pointsbet.com.au/_report/csp; script-src 'nonce-MDkyNGQ0OWM3Nw/YzA4NTk3OGQ4ZDg2OTI=' 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' http:; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://use.fontawesome.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://heapanalytics.com https://*.googletagmanager.com https://paywithmybank.com https://*.sportradar.com https://*.pointsbet.com https://*.pointsbet.com.au https://pointsbet.com https://pointsbet.com.au https://www.gstatic.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.braze.com https://api.segment.io https://bat.bing.com/actionp/0 https://bpoint.linkly.com.au https://cdn.segment.com https://dc.services.visualstudio.com https://firebaseinstallations.googleapis.com/v1/projects/ https://heapanalytics.com https://obs.cheqzone.com/ct https://*.g.doubleclick.net https://us-central1-adaptive-growth.cloudfunctions.net https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.com.au https://*.google.ca https://ekr.zdassets.com https://*.zendesk.com https://api.smooch.io https://media.smooch.io https://zendesk-eu.my.sentry.io wss://api.smooch.io https://*.zopim.com wss://*.zopim.com wss://*.zendesk.com https://*.jwpsrv.com https://*.jwplayer.com https://*.jwpltx.com https://www.facebook.com https://www.redditstatic.com https://*.reddit.com https://prompts.maze.co *.braintree-api.com api.braintreegateway.com client-analytics.braintreegateway.com *.cardinalcommerce.com https://*.akamaized.net https://*.sportradar.com https://*.snapchat.com https://*.paypal.com https://clientresauprodyol0stntm.blob.core.windows.net https://*.pointsbet.com https://*.pointsbet.com.au wss://*.pointsbet.com wss://*.pointsbet.com.au https://pointsbet.com https://pointsbet.com.au https://analytics.twitter.com https://t.co https://www.googleadservices.com https://gateway.pmnts.io; font-src 'self' https://*.hotjar.com https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com data:; frame-src 'self' *; img-src 'self' blob: data: https://*.hotjar.com https://*.g.doubleclick.net https://*.fls.doubleclick.net https://ad.doubleclick.net https://analytics.twitter.com https://bat.bing.com https://heapanalytics.com https://t.co https://tr.snapchat.com https://google.com https://*.google.com https://*.google.com.au https://*.google.ca https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://ade.googlesyndication.com https://ssl.gstatic.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://media.smooch.io https://*.zdusercontent.com https://v2assets.zopim.io https://*.adentifi.com https://*.jwplayer.com https://*.jwpltx.com https://www.facebook.com https://alb.reddit.com assets.braintreegateway.com *.paypal.com https://*.sportradar.com https://fonts.gstatic.com www.paypalobjects.com https://*.jwpsrv.com appboy-images.com braze-images.com cdn.braze.eu https://*.pointsbet.com.au https://pointsbet.com https://pointsbet.com.au http://*.pointsbet.com https://match.adsrvr.org https://*.bidswitch.net; manifest-src 'self'; media-src 'self' blob: https://*.jwpsrv.com https://*.akamaized.net https://static.zdassets.com https://*.jwplayer.com https://*.jwpltx.com; worker-src 'self' blob:; child-src *.paypal.com assets.braintreegateway.com; form-action *; report-to csp-report; 1
connect-src 'none'; script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=GT3_fBPPxlIDFIE2QejDEqfH3k.vLmk3YKilQsvlj5M-1721957218-1.0.1.1-rJALQrnP8ESGdKlNtW3QgRyzgvs3x_u.B3JiDtC.7ZxnA.tqjRXjL46fOkM1doPeNfxFFr9bZvkZmP0QhhD3qIYyI2B9r4dXRLn6UFmsIFGI190.dHCZunM8g6XAXr32sigwjSn2d.6zoig_JA0YRrx_RtxqPufpuBs5vh0UuMWetO8kFs2Bx2RqjZSZMQvu4ze7n6slQXKVzUsKoAFEEA; report-to cf-ajhwzmbcfqxpguki 1
font-src *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.bootstrapcdn.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.twitter.com *.cleverreach.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com js.mollie.com *.weltpixel.com *.twitter.com *.addthis.com *.uptain.de *.hotjar.com *.facebook.com *.cleverreach.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.cloudfront.net https://www.mollie.com maps.gstatic.com x.klarnacdn.net *.gstatic.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.google.de *.maxcluster.net *.magecomp.com *.ssl-amazon.com *.payments-amazon.com *.wimo.com *.google.com *.google.com.ua *.trbo.com *.clarity.ms *.usercentrics.eu *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.googleapis.com *.gstatic.com s7.addthis.com js.mollie.com maps.googleapis.com x.klarnacdn.net/ https://www.googletagmanager.com tagmanager.google.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com m.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com widgets.pinterest.com app.uptain.de *.hotjar.com *.facebook.com *.facebook.net *.cloudflareinsights.com *.cleverreach.com *.cleverreach.de *.googleoptimize.com *.trbo.com *.clarity.ms *.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com fonts.googleapis.com tagmanager.google.com *.cloudflare.com *.twitter.com *.typekit.net *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de ekr.zdassets.com/ t.elasticsuite.io *.google-analytics.com maps.googleapis.com https://www.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com *.uptain.de *.hotjar.com wss://ws15.hotjar.com *.hotjar.io *.google.com *.google.de *.doubleclick.net *.clarity.ms *.usercentrics.eu 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://player.vimeo.com/ https://vimeo.com/ https://cdn.cookielaw.org https://maps.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' http: https: data: www.googletagmanager.com www.google-analytics.com www.ssl.google-analytics.com www.google.com https://player.vimeo.com/ https://vimeo.com/  ; connect-src 'self' 'unsafe-inline' https://region1.google-analytics.com https://cdn.cookielaw.org www.google-analytics.com https://yoast.com; font-src 'self' data: https://fonts.gstatic.com; media-src 'self' data: filesystem: https://player.vimeo.com/ https://vimeo.com/; report-uri https://646b8303974ac544f93aac30.endpoint.csper.io?v=1; object-src 'none'; frame-src https://player.vimeo.com/ https://xweb3.xcerra.com/ https://hcbo.fa.us2.oraclecloud.com/; report-to https://646b8303974ac544f93aac30.endpoint.csper.io?v=1 1
default-src 'self';script-src 'self';style-src 'self';img-src 'self';font-src 'self';frame-src 'self';frame-ancestors 'self';connect-src 'self';report-uri https://sentry2.in2code.de/api/18/security/?sentry_key=61a6326bc5445bd091d0d29a93bf8e39 1
object-src 'none';base-uri 'self';script-src 'nonce-c4-8_8JL-VUaPJK5nSvwhA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com https://maxcdn.bootstrapcdn.com https://cdn.iwae.com www.searchanise.com *.searchserverapi.com *.fontawesome.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.searchanise.com *.searchserverapi.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://phone.aircall.io/ 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ www.google.com *.google.com/ *.doubleclick.net *.facebook.com https://phone.aircall.io/ *.getbread.com *.breadpayments.com *.rbcpayplan.com *.wesupply.xyz https://wesupplylabs.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.searchanise.com *.searchserverapi.com *.twitter.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://cdn.aircall.io/ *.getbread.com *.breadpayments.com *.rbcpayplan.com https://seal-louisville.bbb.org https://www.google.com https://bid.g.doubleclick.net https://cdn.iwae.com validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com https://www.magezon.com https://redchamps.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://cdn.rawgit.com/ https://phone.aircall.io/ https://phone.aircall.io/static/ *.getbread.com *.breadpayments.com *.rbcpayplan.com *.newrelic.com *.nr-data.net https://static.zdassets.com https://acsbapp.com https://www.mczbf.com https://widget.trustpilot.com https://maxcdn.bootstrapcdn.com https://static.klaviyo.com https://fast.a.klaviyo.com https://connect.facebook.net https://ekr.zdassets.com https://static-tracking.klaviyo.com https://telemetrics.klaviyo.com/ *.googleadservices.com *.paypal.com *.braintreegateway.com *.cardinalcommerce.com https://static.ecorebates.com https://cdn.iwae.com https://static-forms.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ *.cloudflare.com widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://cdn.jsdelivr.net/ https://maxcdn.bootstrapcdn.com https://cdn.iwae.com https://static.klaviyo.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.newrelic.com *.nr-data.net https://www.mczbf.com https://iwae.zendesk.com https://cdn.acsbapp.com https://ekr.zdassets.com https://cdn.iwae.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com api.amplitude.com stats.g.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://fonts.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://apps.bdimg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://flex.cybersource.com https://testflex.cybersource.com https://unpkg.com https://vjs.zencdn.net; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://unpkg.com https://vjs.zencdn.net; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self' informer.okta.com sso.scheduleexpress.com *.oktacdn.com; connect-src 'self' informer.okta.com informer-admin.okta.com sso.scheduleexpress.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com informer.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' informer.okta.com sso.scheduleexpress.com *.oktacdn.com; style-src 'unsafe-inline' 'self' informer.okta.com sso.scheduleexpress.com *.oktacdn.com; frame-src 'self' informer.okta.com informer-admin.okta.com sso.scheduleexpress.com login.okta.com *.vidyard.com; img-src 'self' informer.okta.com sso.scheduleexpress.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' informer.okta.com sso.scheduleexpress.com data: *.oktacdn.com fonts.gstatic.com 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.googleapis.com *.alothemes.com *.magepow.com nitropack.io *.nitrocdn.com blob: 'self' data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com https://seo.mageplaza.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com *.google.com *.doubleclick.net www.facebook.com *.richcall.io *.getflowbox.com *.hotjar.com creativecdn.com *.cookiebot.com *.criteo.net *.criteo.com *.datatrics.com *.meubelo.nl *.multisafepay.com https://pay.google.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com nitropack.io blob: 'self' cdn.jsdelivr.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.cdninstagram.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com *.cloudfront.net *.hipex.cloud *.bing.com *.cheqzone.com *.pinterest.com *.clarity.ms *.yahoo.com *.criteo.net *.criteo.com *.datatrics.com *.meubelo.nl *.multisafepay.com *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com nitropack.io *.nitrocdn.com blob: 'self' ts.tradetracker.net www.magmodules.eu www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com *.richcall.io *.getflowbox.com *.cookiebot.com *.pinimg.com *.criteo.net *.hotjar.com *.zdassets.com *.bing.com *.cheqzone.com *.clarity.ms *.criteo.com *.datatrics.com unpkg.com *.unpkg.com *.adcalls.nl *.meubelo.nl 'self' data: *.multisafepay.com https://pay.google.com *.googleapis.com *.fontawesome.com *.avada.io *.alothemes.com *.magepow.com *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com https://cdn.tailwindcss.com/ nitropack.io *.intercom.io *.nitrocdn.com nitroscripts.com *.intercomcdn.com blob: 'self' cdn.jsdelivr.net tm.tradetracker.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.multisafepay.com *.google.com *.alothemes.com *.magepow.com *.sooqr.com *.spotlersearch.com nitropack.io cdnjs.cloudflare.com *.nitrocdn.com blob: 'self' cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com *.zdassets.com *.meubelo.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com www.apptrian.com *.richcall.io *.getflowbox.com *.zendesk.com *.zdassets.com *.pinterest.com *.clarity.ms *.cheqzone.com *.hotjar.com *.zopim.com *.datatrics.com *.doubleclick.net *.adcalls.nl wss://widget-mediator.zopim.com/ *.meubelo.nl 'unsafe-inline' data: 'unsafe-inline' blob: *.multisafepay.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com *.getnitropack.com nitropack.io *.intercom.io *.nitrocdn.com *.intercomcdn.com wss://nexus-websocket-a.intercom.io blob: 'self' 'self' 'unsafe-inline'; child-src *.richcall.io *.getflowbox.com *.meubelo.nl http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ *.demdex.net *.mathtag.com *.zonos.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.collect.igodigital.com *.demdex.net *.zonos.com *.bing.com *.google.co.in *.google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.everestjs.net cdn.iglobalstores.com *.zonos.com *.collect.igodigital.com *.demdex.net *.omtrdc.net *.bing.com *.c212.net *.packersproshop.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.demdex.net *.zonos.com *.everesttech.net *.doubleclick.net *.clarity.ms *.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://www.youtube.com/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ https://vimeo.com/ *.vimeocdn.com/ *.googleapis.com *.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com/ *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ https://vimeo.com/ *.vimeocdn.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://www.youtube.com/ validator.swagger.io https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ https://vimeo.com/ *.vimeocdn.com/ *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.paypal.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com/ www.vimeo.com *.vimeocdn.com https://www.youtube.com/ *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ *.vimeocdn.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://www.youtube.com/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ https://vimeo.com/ *.vimeocdn.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com/ www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://www.youtube.com/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ *.vimeocdn.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com dhv2ziothpgrr.cloudfront.net use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com www.judaicawebstore.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com yotpo.com *.nosto.com *.nos.to *.yotpo.com swellrewards.com *.swellrewards.com www.judaicawebstore.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com www.judaicawebstore.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com yotpo.com *.nosto.com *.nos.to *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com swellrewards.com *.swellrewards.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.trustpilot.com www.judaicawebstore.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ yotpo.com *.nosto.com *.nos.to dhv2ziothpgrr.cloudfront.net *.yotpo.com swellrewards.com *.swellrewards.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.judaicawebstore.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ yotpo.com *.nosto.com *.nos.to *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.yotpo.com swellrewards.com *.swellrewards.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://cdnjs.cloudflare.com *.trustpilot.com www.judaicawebstore.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com yotpo.com *.googleapis.com *.nosto.com *.nos.to dhv2ziothpgrr.cloudfront.net *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdnjs.cloudflare.com *.trustpilot.com www.judaicawebstore.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.judaicawebstore.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ yotpo.com *.nosto.com *.nos.to *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.yotpo.com swellrewards.com *.swellrewards.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com www.judaicawebstore.com 'self' 'unsafe-inline'; child-src www.judaicawebstore.com http: https: blob: 'self' 'unsafe-inline'; default-src www.judaicawebstore.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://tr.snapchat.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.klarna.com https://js.klarna.com https://js.playground.klarna.com https://online2.superoffice.com *.fls.doubleclick.net  https://tr.snapchat.com https://vars.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net *.googleapis.com *.gstatic.com https://eu.klarnaevt.com https://eu.playground.klarnaevt.com https://x.klarnacdn.net/ https://visitanalytics.userreport.com https://ad.doubleclick.net  https://ib.adnxs.com https://adservice.google.com https://www.google.com https://www.google.se https://www.google.no https://www.facebook.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net *.googleapis.com *.gstatic.com https://js.klarna.com https://js.playground.klarna.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net/ https://cdn-ukwest.onetrust.com/ https://www.tryggehandel.no/ https://online2.superoffice.com https://www.googleoptimize.com https://static.hotjar.com https://sc-static.net https://connect.facebook.net  *.adnxs.com https://track.adform.net https://script.hotjar.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.googleapis.com https://*.54proxy.com https://eu.klarnaevt.com https://eu.playground.klarnaevt.com https://bam.eu01.nr-data.net https://cdn-ukwest.onetrust.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com https://maps.googleapis.com *.klarnacdn.net *.klarna.com www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-facr-Vs1V1YtDaL8hcklsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-inline' *.googletagmanager.com mc.yandex.ru *.google-analytics.com *.youtube.com mc.yandex.com mc.yandex.ru *.google.com *.gstatic.com *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com;img-src * data:;font-src 'self' fonts.gstatic.com;connect-src 'self' *.youtube.com mc.yandex.ru *.analytics.google.com *.google-analytics.com doubleclick.net *.googletagmanager.com mc.yandex.com mc.yandex.ru mc.yandex.md yandexmetrica.com *.mightytips.com https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com https://analytics.google.com;frame-src 'self' *.youtube.com *.instagram.com *.twitter.com *.yandex.com *.google.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;script-src-elem 'self' 'unsafe-inline' *.instagram.com *.googletagmanager.com *.yandex.ru *.google-analytics.com *.twitter.com *.youtube.com mc.yandex.com *.google.com *.gstatic.com mc.yandex.ru *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com track.trackingtraffo.com https://www.hcaptcha.com/1/api.js;frame-ancestors 'self';report-uri /cspreport.php 1
font-src *.fontawesome.com fonts.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com www.google.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.trackedlink.net *.facebook.com ecomm-cdn.trurating.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.adyen.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.googletagmanager.com *.facebook.net ecomm-cdn.trurating.com ecommwidget.trurating.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com fonts.googleapis.com *.googleapis.com *.addtoany.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com ecommapi.trurating.com http://dpm.demdex.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'report-sample'; style-src 'self'; report-to csp-endpoint 1
default-src *; script-src 'self' 'unsafe-inline' 'strict-dynamic' http: https: 'nonce-gr8p0p4rd1n1'; style-src 'self' 'unsafe-inline' http: https: data:; img-src 'self' 'unsafe-inline' http: https: data:; connect-src *; font-src 'self' 'unsafe-inline' http: https: data:; media-src *; report-uri *; child-src *; form-action *; frame-ancestors 'self'; object-src 'none'; frame-src *; worker-src *; manifest-src *; prefetch-src *; base-uri 'self' 'strict-dynamic' 1
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.baidu.com http://*.baidu.com https://*.baidustatic.com http://*.baidustatic.com https://*.hao123.com http://*.hao123.com https://*.bdstatic.com http://*.bdstatic.com https://*.hao123img.com http://*.hao123img.com https://*.hao222.com http://*.hao222.com https://*.baidu.cn http://*.baidu.cn https://*.shifen.com http://*.shifen.com https://*.bdimg.com http://*.bdimg.com https://*.bcebos.com http://*.bcebos.com https://dwz.cn http://dwz.cn; img-src * data:; media-src * data:; report-uri /hao123_api/csp/report 1
object-src 'none';base-uri 'self';script-src 'nonce-4NaTyJe4gomvzpneT3qysA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xCiNftGQMQcmdOAX7GiNjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net https://widgets.trustedshops.com integrations.etrusted.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com www.facebook.com *.copernica.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.dpdconnect.nl *.dpdconnect.nl service2.loyaltyinabox.com *.pinterest.com www.facebook.com www.youtube.com view.publitas.com www.google.com www.google.nl www.google.de *.google.com maps.google.com chat.babypark.nl *.doubleclick.net td.doubleclick.net googleads.g.doubleclick.net widget.trustpilot.com *.cookiebot.com *.cookiebot.eu c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.buckaroo.nl *.klevu.com *.ksearchnet.com www.babypark.nl www.babypark.de m2.babypark.mavendev.com m2.babypark-de.mavendev.com www.ikenik.nl m2.ikenik.mavendev.com m2.babydump.mavendev.com m2.babydump-de.mavendev.com www.google.com www.google.nl www.google.de www.google.com.ua www.facebook.com ct.pinterest.com www.googletagmanager.com www.zenaps.com www.awin1.com static.zdassets.com bat.bing.com www.thuiswinkel.org i.ytimg.com img.youtube.com blob: lantern.roeye.com *.bing.com *.clarity.ms *.cookiebot.com *.cookiebot.eu integrations.etrusted.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: maps.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.dpdconnect.nl js.klevu.com *.ksearchnet.com *.avada.io www.googletagmanager.com checkout.buckaroo.nl *.clarity.ms lantern.roeyecdn.com widgets.trustedshops.com web-sdk.smartlook.com www.dwin1.com s.pinimg.com connect.facebook.net static.buckaroo.nl view.publitas.com api.360productviewer.com googleads.g.doubleclick.net bat.bing.com static.zdassets.com js-agent.newrelic.com *.livechatinc.com bam.eu01.nr-data.net chat.babypark.nl widget.trustpilot.com *.pinterest.com *.hotjar.com *.hotjar.io *.cookiebot.com *.cookiebot.eu integrations.etrusted.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com maps.googleapis.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net checkout.buckaroo.nl integrations.etrusted.com unsafe-inline *.googleapis.com *.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com integrations.etrusted.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.clarity.ms *.pinterest.com *.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net manager.eu.smartlook.cloud ekr.zdassets.com babyparkgmbh.zendesk.com wss://widget-mediator.zopim.com api.360productviewer.com www.facebook.com livechat.fabulor.eu bam.eu01.nr-data.net region1.analytics.google.com *.google.com *.hotjar.com *.hotjar.io analytics.google.com bat.bing.com *.cookiebot.com *.cookiebot.eu *.copernica.com integrations.etrusted.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.google.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-BvU0pJ75KzAtX-ibZRU2rA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com www.034motorsport.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.yotpo.com www.034motorsport.com 'self' 'unsafe-inline'; frame-ancestors www.034motorsport.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com www.034motorsport.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.affirm.com *.affirm.ca validate.fishpig.co.uk 'self' data: * flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com www.034motorsport.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.avada.io * assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com www.034motorsport.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com www.034motorsport.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com www.034motorsport.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com https://get.geojs.io *.avada.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com www.034motorsport.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com www.034motorsport.com http: https: blob: 'self' 'unsafe-inline'; default-src www.034motorsport.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.livechatinc.com https://*.haiku.ai https://api.hubspot.com https://api.mixpanel.com https://cdn.freshmarketer.com https://cdn.mxpnl.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://forms.hsforms.com https://googleads.g.doubleclick.net https://info.proctoru.com https://ip.freshmarketer.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.usemessages.com https://maxcdn.bootstrapcdn.com https://pi.pardot.com https://px.ads.linkedin.com https://snap.licdn.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com https://js.hscta.net https://cta-service-cms2.hubspot.com https://hire.withgoogle.com https://*.adroll.com https://*.consensu.org https://*.twitter.com/ https://cdn.syndication.twimg.com/ https://*.fullstory.com/ https://js.hs-banner.com https://api.hubapi.com https://sc.lfeeder.com https://tagmanager.google.com https://yas.bamboohr.com https://*.cincopa.com https://www.meazurelearning.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net https://maxcdn.bootstrapcdn.com https://platform.twitter.com/ https://tagmanager.google.com https://*.bamboohr.com https://*.meazurelearning.com https://cdn.jsdelivr.net; img-src https: data:; connect-src https://www.google-analytics.com https://*.haiku.ai https://api.mixpanel.com https://api.hubspot.com https://api.hubapi.com https://*.fullstory.com/ https://*.bamboohr.com https://stats.g.doubleclick.net; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; media-src https://*.livechatinc.com; frame-ancestors 'none'; object-src 'none'; frame-src https://secure.livechatinc.com https://bid.g.doubleclick.net https://forms.hsforms.com https://www.facebook.com https://www.youtube.com https://hire.withgoogle.com https://www.proctoru.com https://player.vimeo.com https://platform.twitter.com/ https://syndication.twitter.com/ https://twitter.com/; upgrade-insecure-requests 1
script-src 'nonce-e4f8f32216203764ea3cbe4211a84dc2ca5cade202440be818337736a911166d' 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.bing.com *.pcapredict.com *.dwin1.com lantern.roeyecdn.com services.postcodeanywhere.co.uk *.facebook.net; object-src 'none'; base-uri 'none'; report-uri /includes/csp_report.php 1
default-src 'self' *.westwoodone.com 'report-sample'; base-uri 'self'; script-src 'self' *.westwoodone.com *.googletagmanager.com *.google-analytics.com stats.wp.com cdn.cookielaw.org *.onetrust.com connect.facebook.net form.jotform.com cdn.jotfor.ms 'sha256-GxV10O3xrTuweqSjE3k8/UGb7irvsFYdUK711POFvzc=' 'sha256-c+CYEhgKdflkS7NkNF38sTDK0VLLrFYlfv+1CMgSpI4=' 'nonce-070u6VaVFFkjTixmkxwKJ+bb' 'report-sample'; style-src 'self' 'unsafe-inline' *.westwoodone.com fonts.googleapis.com cdn.jotfor.ms 'report-sample'; img-src 'self' data: *.westwoodone.com *.wp.com cdn.cookielaw.org *.googletagmanager.com *.google-analytics.com https://www.linkedin.com/favicon.ico https://twitter.com/favicon.ico https://facebook.com/favicon.ico https://syndication.twitter.com/i/jot/embeds i.vimeocdn.com; font-src 'self' data: *.westwoodone.com fonts.gstatic.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net player.cumulusmedia.com cdn.cookielaw.org *.onetrust.com submit.jotform.com; media-src 'self' *.westwoodone.com dl.dropbox.com dl.dropboxusercontent.com; object-src 'none'; frame-src 'self' *.westwoodone.com *.jotform.com *.vimeo.com *.youtube.com *.megaphone.fm *.soundcloud.com platform.twitter.com; report-uri https://www.westwoodone.com/wp-admin/admin-ajax.php?action=wpshr 1
default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.optimizely.com https://static.ads-twitter.com www.google-analytics.com www.gstatic.com https://analytics.twitter.com https://ssl.google-analytics.com https://www.youtube.com https://player.youku.com https://v1-tt.ixigua.com https://www.google.com https://*.googleapis.com https://bat.bing.com use.typekit.net https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://rum-static.pingdom.net https://ajax.aspnetcdn.com https://s.ytimg.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/slick.min.js https://pi.pardot.com https://www.brighttalk.com; style-src 'self' data: 'unsafe-inline' *.googleapis.com use.typekit.net; img-src * data: ; font-src 'self' data: https://fonts.typekit.net fonts.gstatic.com https://use.typekit.net http://fontface.ninja; child-src 'self' http://sdn.sitecore.net https://www.youtube.com https://player.youku.com https://v1-tt.ixigua.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com ; frame-src 'self' http://sdn.sitecore.net https://www.youtube.com https://player.youku.com https://v1-tt.ixigua.com https://player.vimeo.com https://go.pardot.com https://www.brighttalk.com https://e.issuu.com; frame-ancestors 'self' ; connect-src 'self' https://rum-collector-2.pingdom.net ; media-src 'self' https://cruprod.blob.core.windows.net; report-uri https://3chillies.report-uri.io/r/default/csp/reportOnly; 1
object-src 'none';base-uri 'self';script-src 'nonce-prTnqmrfqC4Co41GDxxvSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.fontawesome.com fonts.googleapis.com https://www.google.com https://www.gstatic.com fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.consensu.org *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.google.it *.amazonaws.com *.mcusercontent.com mcusercontent.com https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.sharethis.com chimpstatic.com *.chimpstatic.com *.mailchimp.com *.list-manage.com *.hotjar.com *.googleapis.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.mailchimp.com *.google.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.sharethis.com *.doubleclick.net http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /errorendpoint.html 1
object-src 'none';base-uri 'self';script-src 'nonce-rnq2cOYGkzJNrCYuSYY_tA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com www.google-analytics.com www.gstatic.com ajax.googleapis.com use.typekit.net www.google.com embed.wized.com cdn.jsdelivr.net code.jquery.com d3e54v103j8qbb.cloudfront.net *.website-files.com content.liquidplus.com content.teamliquid.com platform.twitter.com player.vimeo.com www.instagram.com static.cloudflareinsights.com cdnjs.cloudflare.com unpkg.com www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net cdn.jsdelivr.net p.typekit.net translate.googleapis.com *.website-files.com; img-src 'self' data: static-cdn.jtvnw.net i.vimeocdn.com i.ytimg.com content.liquidplus.com content.teamliquid.com p.typekit.net https://*.google-analytics.com https://*.googletagmanager.com *.website-files.com cdn.shopify.com; media-src 'self' content.liquidplus.com content.teamliquid.com *.website-files.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com server.wized.com cloudflareinsights.com; font-src 'self' data: fonts.gstatic.com use.typekit.net uploads-ssl.webflow.com; child-src www.google.com player.vimeo.com vimeo.com www.youtube.com cdn.embedly.com platform.twitter.com www.instagram.com; report-uri https://s1r2d1cd.uriports.com/reports/report 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.shopperapproved.com *.vertexsmb.com www.googletagmanager.com www.sageexchange.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.vertexsmb.com seal.godaddy.com static.hotjar.com www.sageexchange.com *.formstack.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.shopperapproved.com seal-boston.bbb.org *.googleapis.com maps.gstatic.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://www.shopperapproved.com https://direct.shopperapproved.com *.vertexsmb.com seal.godaddy.com static.hotjar.com www.sageexchange.com *.formstack.com stats.g.doubleclick.net bat.bing.com *.ywxi.net *.amazonaws.com *.sagepayments.net maps.googleapis.com *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com unsafe-inline *.googleapis.com seal.godaddy.com stats.g.doubleclick.net bat.bing.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.vertexsmb.com seal.godaddy.com static.hotjar.com *.googleapis.com *.formstack.com stats.g.doubleclick.net www.sageexchange.com *.ywxi.net *.amazonaws.com *.sagepayments.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'report-sample' 'self' https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/1dcaeb4c-38c7-4341-9d3a-8bebecb3dfe0/state.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/iRvKkcsnpNcOYYwhqaQxPITz/recaptcha__en.js; style-src 'report-sample' 'self' https://fonts.googleapis.com https://use.fontawesome.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://region1.google-analytics.com https://www.google.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.google.com; img-src 'self' https://px.ads.linkedin.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
font-src fonts.gstatic.com *.gstatic.com data: https://geowidget.easypack24.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com account.fetchify.com https://geowidget-app.inpost.pl/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com api.createx-editor.com *.facebook.com *.facebook.net *.hotjar.com/ *.pinterest.com/ *.webpower.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl www.gstatic.com gstatic.com www.magmodules.eu *.squeezely.tech api.createx-editor.com work.cloudlab.at:9012 localhost:8080 *.facebook.com *.goedgemerkt.nl goedgemerkt.nl *.bing.com/ *.trengo.eu/ *.pinterest.com *.amazonaws.com/ *.feefo.com/ *.salesfire.co.uk *.cloudflare.com squeezely.tech data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vimeo.com maps.gstatic.com fonts.googleapis.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl squeezely.tech www.squeezely.tech *.squeezely.tech *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.cloudflare.com *.hotjar.com/ *.facebook.com/ *.facebook.net/ api.your-printq.com/ *.bing.com/ *.tiktok.com/ *.widget.trengo.eu/ *.pinimg.com/ *.feefo.com/ *.salesfire.co.uk *.googleoptimize.com/ s3.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline cc-cdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com *.trustpilot.com fonts.gstatic.com *.cloudflare.com *.feefo.com/ *.salesfire.co.uk cdn-images.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.trengo.eu/ api.createx-editor.com work.cloudlab.at:9012 localhost:8080 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com squeezely.tech *.squeezely.tech *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.createx-editor.com work.cloudlab.at:9012 localhost:8080 *.facebook.com *.trustpilot.com *.tiktok.com *.pinterest.com *.widget.trengo.eu/ *.hotjar.com/ stats.g.doubleclick.net/ *.google-analytics.com/ *.goedgemerkt.nl gtmss.bienmarquer.fr *.feefo.com/ *.smartmetrics.co.uk *.salesfire.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.yotpo.com bam.nr-data.net cdn-widgetsrepository.yotpo.com js-agent.newrelic.com pylotprod.mudpie.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com a.klaviyo.com ekr.zdassets.com fast.a.klaviyo.com foursixty.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com static-tracking.klaviyo.com static.klaviyo.com static.zdassets.com tag.rmp.rakuten.com ut.rd.linksynergy.com www.googleadservices.com ct.pinterest.com stats.g.doubleclick.net jstest.authorize.net maps.googleapis.com *.mudpie.com widget-mediator.zopim.com platform.mudpie.com js.authorize.net www.mudpie.com https://analytics.tiktok.com/; report-uri /.webscale/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-4-TZacd7qDdGR8_f3Z_Saw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.processout.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; report-uri https://violations.post.ch/CSP/incamail/prod/report-only 1
font-src fonts.gstatic.com use.typekit.net *.cdnfonts.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://media.flixcar.com https://media.flixfacts.com *.oppwa.com https://cdn.cs.1worldsync.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://credomatic.compassmerchantsolutions.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://staging.ptranz.com/api/spi/Conductor https://gateway.ptranz.com/api/spi/Conductor https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com/ https://www.youtube.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://service.force.com/ https://h.online-metrix.net https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.v1.modern-life-interactive.com https://v1.modern-life-interactive.com hn.ficoposonline.com *.cloudfront.net https://notrack.indexado.pmbox.cloud media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://centinelapistag.cardinalcommerce.com/ https://www.mcprod.courts.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://vpos.infonet.com.py/ https://vpos.infonet.com.py:8888/ https://centinelapi.cardinalcommerce.com https://centinelapi.cardinalcommerce.com/V1/Cruise/Collect 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.magezon.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://lcoimgprod-grupounicomer.netdna-ssl.com https://cmsuat.lacuracaonline.com https://maps.gstatic.com https://maps.googleapis.com/ *.online-metrix.net https://radioshackla-uat-grupounicomer.netdna-ssl.com https://log.pinterest.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://img.youtube.com https://unicomer--c.na100.visual.force.com https://unicomer--c.vf.force.com https://unicomer.lightning.force.com https://unicomer.my.salesforce.com https://unicomer--uat.sandbox.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec *.demoup.com https://media.flixcar.com https://rt.flix360.com https://event.syndigo.cloud https://event.webcollage.net https://fonts.gstatic.com https://www.googletagmanager.com https://d3np41mctoibfu.cloudfront.net https://media.flixfacts.com https://content.syndigo.com https://s3-sa-east-1.amazonaws.com *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.ggpht.com https://cdn.cs.1worldsync.com https://files.alquimio.cloud https://fichashppervasive.blob.core.windows.net *.cc.cnetcontent.com https://mycliplister.com/ *.igodigital.com/ https://grupounicomerhelp.zendesk.com https://static.zdassets.com *.zendesk.com/ media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com * www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-ds.com www.googletagmanager.com *.fontawesome.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cdnfonts.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://service.force.com https://integracion.alignetsac.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://gollo.force.com https://unicomer.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://unicomer--uat.sandbox.my.site.com https://media.flixcar.com https://www.googletagmanager.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.1worldsync.com media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com unsafe-inline assets.braintreegateway.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; object-src https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://image.unicomermktg.com 'self' blob: *.demoup.com *.oppwa.com https://static.zdassets.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net * www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://maps.googleapis.com https://service.force.com/ https://log.pinterest.com https://h.online-metrix.net https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx blob: media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.artefacta.com/pr-csp/report/add/; report-to report-endpoint; 1
font-src fonts.googleapis.com fonts.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca https://www.googletagmanager.com/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.online-metrix.net https://imgs.signifyd.com sewactivate.phc.brother 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca s3.us-east-1.amazonaws.com *.bird.eu http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: https://imgs.signifyd.com https://*.online-metrix.net s3.amazonaws.com img.babylock.com google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://polyfill-fastly.io https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com cdn.cookielaw.org sewactivate.phc.brother woobox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://*.ingest.sentry.io *.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://imgs.signifyd.com cdn.cookielaw.org sewactivate.phc.brother woobox.com https://glgefieuo4.execute-api.us-east-2.amazonaws.com/babylock/top-of-the-line-form-submissions 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com woobox.com https://glgefieuo4.execute-api.us-east-2.amazonaws.com/babylock/top-of-the-line-form-submissions 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net *.klevu.com *.ksearchnet.com fonts.gstatic.com data: v2.zopim.com js.klevu.com static.klaviyo.com *.wistia.com maxcdn.bootstrapcdn.com fonts.yieldify-production.com acsbapp.com *.hotjar.com *.nudgify.com x.klarnacdn.net *.narvar.com *.narvar.qa *.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.klarna.com d.agkn.com vimeo.com *.criteo.com *.criteo.net *.doubleclick.net *.trustpilot.com *.paypalobjects.com *.wistia.net button.aftership.com *.sharethis.com *.zendesk.com *.zdassets.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adroll.com *.attn.tv *.yieldify.com *.kaptcha.com *.sirv.com *.katapult.com *.nudgify.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://img.youtube.com https://* insight.adsrvr.org vimeo.com bat.bing.com js.klevu.com *.klaviyo.com v2.zopim.com maps.googleapis.com *.criteo.com *.criteo.net *.doubleclick.net *.wistia.com *.attn.tv *.nudgify.com *.klarnaservices.com *.narvar.com *.narvar.qa store.paradoxlabs.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com x.klarnacdn.net *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.kaptcha.com s7.addthis.com *.visualwebsiteoptimizer.com *.mida.so *.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com *.wisernotify.com *.liadm.com *.getgobot.com solutions.invocacdn.com v2.zopim.com static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com *.trustpilot.com bat.bing.com button.aftership.com *.criteo.com *.criteo.net *.klaviyo.com *.attn.tv *.doubleclick.net acsbapp.com *.wistia.com *.wistia.net *.steelhousemedia.com *.mouseflow.com *.sharethis.com js-agent.newrelic.com *.nr-data.net *.zendesk.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adroll.com www.googleoptimize.com pnapi.invoca.net *.yieldify.com *.noibu.com *.lordoftheentertainingostriches.com *.katapult.com *.sirv.com *.howuku.com *.usbrowserspeed.com *.clarity.ms *.nudgify.com *.authorize.net maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.mida.so *.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com *.wisernotify.com js.klevu.com *.klaviyo.com *.sharethis.com maxcdn.bootstrapcdn.com wss://*.hotjar.com fonts.googleapis.com *.katapult.com *.nudgify.com x.klarnacdn.net *.trustpilot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com blob: embedwistia-a.akamaihd.net *.zendesk.com *.zdassets.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.kaptcha.com ekr.zdassets.com/ *.mida.so *.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com *.azurewebsites.net *.wisermapp.com *.ip-api.com *.liadm.com *.criteo.com *.getgobot.com *.googlesyndication.com *.attentivemobile.com *.invoca.net *.yieldify.com *.dc.yieldify.com *.yieldify-production.com *.zopim.com wss://widget-mediator.zopim.com static.zdassets.com ekr.zdassets.com *.google.com *.acsbapp.com *.doubleclick.net *.klaviyo.com https://bt.signifyd.com:11103/ *.signifyd.com:11103 *.paypal.com *.paypalobjects.com *.wistia.com *.litix.io *.akamaihd.net bat.bing.com *.trustpilot.com *.sharethis.com *.nr-data.net *.mouseflow.com *.attn.tv maps.googleapis.com *.zendesk.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adroll.com *.lordoftheentertainingostriches.com *.noibu.com wss://*.noibu.com zendesk-eu.my.sentry.io fonts.googleapis.com *.breadgateway.net *.howuku.com *.clarity.ms *.nudgify.com *.klarnauserservices.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src vimeo.com *.vimeocdn.com *.getbread.com *.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-457bac3963cd4a6c815b24b7a95ce9eb' https://www.thechristhospitalmychart.com 'self';img-src https://* 'self' blob: data:;style-src https://www.thechristhospitalmychart.com 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.kaptcha.com *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io *.kaptcha.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://dd153113-99f8-4da5-9d06-28ec5f358e1e.sansec.watch/; report-to report-endpoint; 1
default-src 'self' *.cloudflare.com 'unsafe-inline' *.googleapis.com *.lfeeder.com *.leadfeeder.com consentcdn.cookiebot.com cdn2.hubspot.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net  *.hscollectedforms.net  *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com js.usemessages.com *.vidyard.com 'unsafe-hashes' *.hubspotusercontent-na1.net; font-src fonts.gstatic.com static.hsappstatic.net *.fontawesome.com *.hubspotusercontent-na1.net; connect-src 'self' https://google.com/pagead/form-data https://google.com/ccm/form-data https://www.google.com/pagead/landing pixel-config.reddit.com analytics.twitter.com ads-api.twitter.com ads-twitter.com https://www.redditstatic.com conversions-config.reddit.com js.hs-banner.com js.hscta.net *.hubapi.com *.linkedin.com cdn.linkedin.oribi.io stats.g.doubleclick.net *.hscollectedforms.net *.fontawesome.com *.google-analytics.com *.hubspot.com consentcdn.cookiebot.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net/pagead *.hsforms.com *.analytics.google.com; img-src 'self' */ads/ga-audiences *.ververica.com *.lfeeder.com *.leadfeeder.com analytics.twitter.com ads-api.twitter.com ads-twitter.com www.googletagmanager.com no-cache.hubspot.com js.hscta.net data: *.hubspot.com *.linkedin.com *.cookiebot.com *.hsforms.com *.hsappstatic.net *.hubspotusercontent-na1.net https://www.google-analytics.com https://www.facebook.com https://alb.reddit.com https://www.google.com https://t.co googleads.g.doubleclick.net; frame-src 'self' play.hubspotvideo.com *.hs-sites.com forms.hsforms.com td.doubleclick.net www.youtube.com consentcdn.cookiebot.com *.hubspot.com platform.twitter.com www.google.com www.facebook.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-eval' *.hubapi.com *.cloudflare.com *.googleapis.com *.lfeeder.com *.leadfeeder.com feedback.hubapi.com *.usemessages.com js.hscta.net *.hs-analytics.net static.hsappstatic.net *.hsadspixel.net *.hubspot.com js.hsforms.net lookerstudio.google.com www.googletagmanager.com kit.fontawesome.com consent.cookiebot.com www.google-analytics.com 'unsafe-inline' app.hubspot.com js.hsleadflows.net js.hscollectedforms.net js.usemessages.com js.hs-banner.com consentcdn.cookiebot.com connect.facebook.net googleads.g.doubleclick.net www.redditstatic.com snap.licdn.com static.ads-twitter.com platform.twitter.com *.linkedin.com cdn2.hubspot.net; frame-ancestors 'self' www.ververica.academy 1
default-src 'self'; manifest-src 'self'; base-uri 'self'; form-action 'self'; font-src 'self' data: 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'; img-src www.googletagmanager.com 'self' blob: data:; connect-src www.google-analytics.com https://api.chilisburgertime.com 'self' data: blob: cognito-idp.us-east-1.amazonaws.com cognito-identity.us-east-1.amazonaws.com wss://av1469bmuw31r-ats.iot.us-east-1.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com; style-src-elem 'self' blob: data: 'unsafe-inline'; style-src 'self' blob: data: 'unsafe-inline'; worker-src 'self' blob: data; media-src 'self' data:; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.googletagmanager.com www.facebook.com *.saferpay.com notifpush.com *.laiye.com *.destygo.com *.mindsay.com *.googleapis.com *.gstatic.com *.piwik.pro 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.googletagmanager.com api.devatics.io *.doubleclick.net gjigle.com *.saferpay.com www.facebook.com notifpush.com *.laiye.com *.destygo.com *.mindsay.com *.googleapis.com *.gstatic.com *.piwik.pro insight.adsrvr.org https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io gjigle.com *.googleapis.com *.googletagmanager.com *.doubleclick.net *.gstatic.com *.linkedin.com www.facebook.com *.adnxs.com www.google.com.ua cdn.devatics.io *.saferpay.com notifpush.com *.laiye.com *.destygo.com *.mindsay.com *.piwik.pro connect.facebook.net cdn.cookielaw.org http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com cdn.cookielaw.org *.googletagmanager.com connect.facebook.net secure.adnxs.com targetemsecure.blob.core.windows.net cgn.slgnt.eu notifpush.com userlike-cdn-widgets.s3-eu-west-1 dmc.devatics.io try.abtasty.com acdn.adnxs.com snap.licdn.com widget.destygo.com *.cloudfront.net *.amazonaws.com *.saferpay.com http://trk.adbutter.net *.laiye.com *.destygo.com *.mindsay.com *.googleapis.com *.gstatic.com *.piwik.pro js.adsrvr.org http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googletagmanager.com cdn.cookielaw.org www.google.com.ua *.amazonaws.com api.userlike.com notifpush.com *.googleapis.com *.doubleclick.net *.saferpay.com www.facebook.com *.abtasty.com *.laiye.com *.destygo.com *.mindsay.com *.gstatic.com *.piwik.pro pagead2.googlesyndication.com gjigle.com cdn.linkedin.oribi.io secure-apis.notifadz.com px.ads.linkedin.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src px.ads.linkedin.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudfront.net *.reviews.io *.reviews.co.uk *.fontawesome.com *.gstatic.com 'self' data: https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ static.klaviyo.com https://cdn.icomoon.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ magento-cloudflare.jetrails.com *.reviews.io *.reviews.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://app-wallee.com *.criteo.com *.facebook.com ct.pinterest.com int.post.ch www.post.ch/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://app-wallee.com *.hsforms.net *.hsforms.com 'self' data: *.360yield.com *.3lift.com *.adform.net *.adnxs.com *.angela-bruderer.ch *.bidswitch.net *.casalemedia.com *.criteo.com *.doubleclick.net *.facebook.com *.google.de *.id5-sync.com id5-sync.com *.ivitrack.com *.krxd.net *.media.net *.mediavine.com *.omnitagjs.com *.outbrain.com *.praktikus.ch *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.smartclip.net *.taboola.com *.tdintern.de *.teads.tv *.thebrighttag.com *.tremorhub.com *.twiago.com *.yahoo.com *.yieldlab.net *.yieldmo.com bat.bing.com ct.pinterest.com *.google.ch d3k81ch9hvuctc.cloudfront.net https://trck.spoteffects.net https://dev.visualwebsiteoptimizer.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.reviews.io *.reviews.co.uk s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://app-wallee.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.cloudflareinsights.com *.criteo.com *.datareporter.eu *.getback.ch *.getsitecontrol.com *.newrelic.com *.nr-data.net *.usersnap.com *.analytics.maileon.com connect.facebook.net *.usernap.com s.pinimg.com bat.bing.com static.profity.ch/ static.klaviyo.com https://static-tracking.klaviyo.com https://analytics.maileon.com angela-bruderer-ag.onlyfy.jobs gtm.adt313.net https://trck.spoteffects.net https://ajax.cloudflare.com https://apis.google.com/js/api.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.datareporter.eu static.getback.ch static-tracking.klaviyo.com https://cdn.icomoon.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.cloudflareaccess.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.criteo.com *.datareporter.eu *.doubleclick.net *.getsitecontrol.com *.google.de *.nr-data.net *.bing.com *.getback.ch region1.analytics.google.com ct.pinterest.com events.getsitectrl.com https://a.klaviyo.com https://insights.algolia.io *.facebook.com https://dev.visualwebsiteoptimizer.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.angela-bruderer.ch *.cloudflareaccess.com *.cloudflareinsights.com *.datareporter.eu *.facebook.com *.mediavine.com *.newrelic.com *.nr-data.net *.omnitagjs.com *.praktikus.ch *.tdintern.de *.tremorhub.com *.yieldlab.net *.getback.ch 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.licdn.com *.cloudfront.net www.googletagmanager.com www.lightboxcdn.com adservice.google.com *.googleapis.com privacy.trustcommander.net www.google.com *.linkedin.com *.hotjar.com eu-api.lightboxcdn.com c.az.contentsquare.net emea-lmg.netmng.com api.eu.zetaglobal.net onsiterecs.api.eu.zetaglobal.net bam.nr-data.net events.api.eu.zetaglobal.net vc.hotjar.io *.lamutuellegenerale.fr js-agent.newrelic.com *.facebook.net cdn.trustcommander.net people.api.eu.zetaglobal.net *.commander1.com *.qualtrics.com region1.google-analytics.com *.gstatic.com *.facebook.com t.contentsquare.net *.googlesyndication.com cdn.eu.zetaglobal.net euhosted.live.rezync.com try.abtasty.com *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-oNj8eze1hJmKOjdIK7VOYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-POU-plyd31LU94usZgsp4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 'self'; report-uri https://b665164c4fb2875cf6d57e97c5ceb8d2.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-Pk-PyweCHw-kJNHTMyuyzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.adyen.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.adobedtm.com *.feefo.com *.cookiebot.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.adobedtm.com *.feefo.com *.cookiebot.com *.hotjar.com media.ltmuseumshop.co.uk www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.plugins.emarsys.net *.scarabresearch.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.adobedtm.com *.feefo.com *.cookiebot.com *.hotjar.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.scarabresearch.com *.eservice.emarsys.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.adobedtm.com *.feefo.com *.cookiebot.com *.hotjar.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://online.flippingbook.com/; report-to report-endpoint; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com *.openpay.mx *.openpay.co *.opencontrol.mx *.kaptcha.com *.paynet.com.mx *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.postimg.cc *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.mlstatic.com *.mercadopago.com *.s3.amazonaws.com *.openpay.co *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ cdn.conekta.io conektaapi.s3.amazonaws.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.mercadopago.com *.mercadolibre.com *.openpay.mx *.openpay.co api.conekta.io *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-oS-HwLxDEUPAjXFnLFcu3w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ajax.aspnetcdn.com www.google.com *.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net *.googleapis.com apps.mypurecloud.com api-cdn.mypurecloud.com code.jquery.com unpkg.com maxcdn.bootstrapcdn.com chat01.ipdialbox.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com *.fontawesome.com static.klaviyo.com *.earthboundtrading.com *.fonts.googleapis.com *.googleapis.com *.gstatic.com data: *.cloudflare.com *.fastly.com fonts.googleapis.com *.bootstrapcdn.com *.yotpo.com *.amazonaws.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.earthboundtrading.com *.facebook.com *.list-manage.com *.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com *.klaviyo.com api-js.datadome.co 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.earthboundtrading.com *.google.com *.addthis.com *.pinterest.com *.facebook.com *.paypalobjects.com *.hotjar.com *.google.co.in *.doubleclick.net *.github.io *.networkmerchants.com *.klaviyo.com api-js.datadome.co *.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.cdn.klarna.com *.cloudflare.com *.earthboundtrading.com *.fastly.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.facebook.com *.google.com *.google.co.in *.doubleclick.net *.mapbox.com *.klaviyo.com *.cloudfront.net api-js.datadome.co *.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com *.reddit.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.earthboundtrading.com *.google.com *.google.co.in *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.facebook.net *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com *.bootstrapcdn.com *.mapbox.com *.jsdelivr.net *.algolia.net *.algolianet.com *.hotjar.com *.networkmerchants.com *.klaviyo.com api-js.datadome.co *.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com *.pinimg.com *.tiktok.com *.redditstatic.com *.reddit.com unpkg.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.earthboundtrading.com *.googleapis.com tagmanager.google.com *.mapbox.com *.klaviyo.com *.networkmerchants.com *.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com cdn.ampproject.org https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.earthboundtrading.com *.fastly.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com *.pangle-ads.com *.googletagmanager.com *.doubleclick.net *.jsdelivr.net *.algolia.net *.algolianet.com *.hotjar.com *.hotjar.io ws://*.hotjar.com *.networkmerchants.com *.mapbox.com *.klaviyo.com api-js.datadome.co *.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com *.pinterest.com *.tiktok.com *.facebook.net *.redditstatic.com *.reddit.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.yotpo.com staticw2.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com *.hotjar.com *.hotjar.io ws://*.hotjar.com *.pinimg.com *.pinterest.com *.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-o3AjwW9ACagXCkaX7hARXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://*.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com *.fontawesome.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.google.com *.doubleclick.net *.pinterest.com *.tiktok.com *.nr-data.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.yotpo.com *.paypal.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.yotpo.com *.rvvuptech.com *.clearpay.co.uk *.paypal.com *.sandbox.paypal.com *.doubleclick.net *.hotjar.com *.facebook.com *.facebook.net *.vimeo.com *.pinterest.com *.newrelic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.gstatic.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.yotpo.com *.afterpay.com *.paypal.com *.sandbox.paypal.com *.stats.paypal.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.google.co.uk *.googletagmanager.com *.google.com *.facebook.com *.facebook.net *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.doubleclick.net *.pinterest.com *.tiktok.com *.nr-data.net *.bing.com *.newrelic.com *.media-amazon.com *.payments-amazon.com *.amazon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com *.adyen.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.yotpo.com *.afterpay.com *.paypal.com *.sandbox.paypal.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.klevu.com *.ksearchnet.com *.googleapis.com *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.doubleclick.net *.pinterest.com *.tiktok.com *.bing.com *.facebook.com *.facebook.net *.newrelic.com *.visualwebsiteoptimizer.com *.pinimg.com *.matomo.cloud *.adt313.net *.adt356.net *.adt356.com *.payments-amazon.com *.amazon.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.yotpo.com *.googleapis.com *.fontawesome.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.google.com *.doubleclick.net *.pinterest.com *.tiktok.com *.nr-data.net *.bing.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.yotpo.com *.paypal.com *.sandbox.paypal.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.klevu.com *.ksearchnet.com google.com *.google.com *.google.co.uk *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.doubleclick.net *.pinterest.com *.tiktok.com *.nr-data.net *.facebook.com *.facebook.net bat.bing.com *.bing.com *.newrelic.com *.postcodeanywhere.co.uk *.payments-amazon.com *.amazon.com 'self' 'unsafe-inline'; child-src *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.typekit.net *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ws: t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com https://www.gstatic.com data: *.fontawesome.com *.bootstrapcdn.com *.typekit.net https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.affirm.com *.affirm.ca googleads.g.doubleclick.net secure.livechatinc.com *.weltpixel.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.affirm.com *.affirm.ca *.amazonaws.com bat.bing.com cdn.ywxi.net blob *.instantsearchplus.com *.bbb.org cdn.livechat-files.com *.facebook.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.fontawesome.com *.livechatinc.com bat.bing.com *.clarity.ms *.newrelic.com 199001.tctm.co *.facebook.net *.facebook.com *.cokertirecompany.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bootstrapcdn.com static-autocomplete.fastsimon.com ping.fastsimon.com settings.fastsimon.com static-grid.fastsimon.com *.typekit.net cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.affirm.com *.affirm.ca *.clarity.ms api.livechatinc.com bat.bing.com api.fastsimon.com suggest.instantsearchplus.com static-autocomplete.fastsimon.com static-grid.fastsimon.com ping.fastsimon.com settings.fastsimon.com stats.g.doubleclick.net bam.nr-data.net 199001.tctm.co *.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-m/DCd3e4u6buIUgehzw0D71NxD3Mrc/Vi0dRHH+/E9c='; base-uri 'self';report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-5l8IKevq1Jb-xrlwuq0Cyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HHBE8K5cisGNSmW88WZdmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.rumiview.com/containers/43a4f5d7-295c-4552-9fe2-f9cba99ab230.js https://cmp.osano.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://www.googletagmanager.com http://hello.myfonts.net https://hello.myfonts.net https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://assets.adobedtm.com https://cdn.ampproject.org https://polyfill.io https://static.addtoany.com https://unpkg.com https://www.recaptcha.net https://www.rumiview.com/ppms.js https://www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.rumiview.com/containers/43a4f5d7-295c-4552-9fe2-f9cba99ab230.js https://cmp.osano.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://www.googletagmanager.com http://hello.myfonts.net https://hello.myfonts.net https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://assets.adobedtm.com https://cdn.ampproject.org https://polyfill.io https://static.addtoany.com https://unpkg.com https://www.recaptcha.net https://www.rumiview.com/ppms.js https://www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://www.rumiview.com/containers/43a4f5d7-295c-4552-9fe2-f9cba99ab230.js https://cmp.osano.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://www.googletagmanager.com http://hello.myfonts.net https://hello.myfonts.net https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://assets.adobedtm.com https://cdn.ampproject.org https://polyfill.io https://static.addtoany.com https://unpkg.com https://www.recaptcha.net https://www.rumiview.com/ppms.js https://www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-uri https://www.vyaire.com/log-report-uri/report-only 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.suncast.com *.twitter.com *.google.com *.addthis.com *.yotpo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com * 'unsafe-inline' maps.gstatic.com *.yotpo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.us.tvsquared.com *.brandcdn.com *.simpli.fi *.pinterest.com *.pricespider.com api.tiles.mapbox.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com *.zdassets.com *.usablenet.com libraries.unbxdapi.com *.cloudfront.net *.bing.com *.facebook.net *.hotjar.com *.pinimg.com tags.srv.stackadapt.com static.criteo.net sslwidget.criteo.com googleads.g.doubleclick.net use.typekit.net *.curalate.com *.newrelic.com api.smooch.io qvdt3feo.com 'unsafe-inline' maps.googleapis.com *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chart.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com api.tiles.mapbox.com *.pricespider.com *.baileygp.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com libraries.unbxdapi.com tags.srv.stackadapt.com suncast.usablenet.com *.yotpo.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com assets.baileygp.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.mapbox.com *.unbxd.io *.s3.amazonaws.com *.cloudfront.net *.pricespider.com *.cloudflare.com *.twitter.com *.paypal.com *.facebook.com *.zdassets.com suncast.zendesk.com tags.srv.stackadapt.com stats.g.doubleclick.net ct.pinterest.com measurement-api.criteo.com *.hotjar.io *.curalate.com bam.nr-data.net api.smooch.io wss://api.smooch.io wss://ws.hotjar.com *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cookielaw.org *.incomm.com www.googletagmanager.com ssl.kaptcha.com *.onetrust.com ssl.google-analytics.com www.memberedelivery.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
font-src fonts.gstatic.com use.typekit.net static.lipscore.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.bootstrapcdn.com *.kindlycdn.com *.cookieinformation.com *.app.cookieinformation.com *.doubleclick.net *.td.doubleclick.net *.googletagmanager.com *.cevoid.com *.gallery.cevoid.com *.embed.cevoid.com *.api.cevoid.com *.granit.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com *.hotjar.com *.cookieinformation.com *.app.cookieinformation.com *.doubleclick.net *.td.doubleclick.net *.googletagmanager.com *.cevoid.com *.gallery.cevoid.com *.embed.cevoid.com *.api.cevoid.com *.granit.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.klarna.com *.klarnaevt.com *.klarnacdn.net static.lipscore.com blob: img.youtube.com *.klevu.com *.ksearchnet.com *.facebook.com *.cookieinformation.com *.app.cookieinformation.com *.doubleclick.net *.td.doubleclick.net *.googletagmanager.com *.cevoid.com *.gallery.cevoid.com *.embed.cevoid.com *.api.cevoid.com *.granit.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.klarna.com *.klarnacdn.net static.lipscore.com *.klarnaservices.com js.klevu.com *.ksearchnet.com *.hotjar.com *.getflowbox.com *.spinnaker-js.com *.facebook.com *.facebook.net *.kindlycdn.com *.newrelic.com *.nr-data.net *.cookieinformation.com *.app.cookieinformation.com *.doubleclick.net *.td.doubleclick.net *.googletagmanager.com *.cevoid.com *.gallery.cevoid.com *.embed.cevoid.com *.api.cevoid.com *.granit.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com static.lipscore.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.bootstrapcdn.com *.cookieinformation.com *.app.cookieinformation.com *.doubleclick.net *.td.doubleclick.net *.googletagmanager.com *.cevoid.com *.gallery.cevoid.com *.embed.cevoid.com *.api.cevoid.com *.granit.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.klarnaevt.com wapi.lipscore.com users.lipscore.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.hotjar.com *.g.doubleclick.net *.nr-data.net *.spinnaker-js.com *.kindlycdn.com *.cookieinformation.com *.app.cookieinformation.com *.doubleclick.net *.td.doubleclick.net *.googletagmanager.com *.cevoid.com *.gallery.cevoid.com *.embed.cevoid.com *.api.cevoid.com *.granit.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Fbprz2XdysCCwLkiktUNug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-M0tEb-qaaAkwLhleKhWxFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-25b5326735ba45e68394a94b09a88864' https://mychart.et1013.epichosted.com 'self';img-src https://* 'self' blob: data:;style-src https://mychart.et1013.epichosted.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-RF9mIxjM2owHerJVOwszWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jfdj744WQh741wc6rRRHzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klarnacdn.net *.trustedshops.com *.fontawesome.com *.gstatic.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klimaworld.com img.idealo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.magezon.com *.trustedshops.com https://img.youtube.com *.facebook.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnacdn.net *.klarnaservices.com challenges.cloudflare.com *.klimaworld.com *.doofinder.com *.iadvize.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustedshops.com cdnjs.cloudflare.com s7.addthis.com *.googletagmanager.com *.facebook.net *.google.com *.hsforms.net *.hsforms.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.klimaworld.com *.doofinder.com unsafe-inline assets.braintreegateway.com *.trustedshops.com *.fontawesome.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klimaworld.com *.doofinder.com *.iadvize.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.trustedshops.com ekr.zdassets.com/ *.google-analytics.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.storyblok.com 'self'; frame-src bid.g.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com https://www.googletagmanager.com/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com consentcdn.cookiebot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.financeabike.de *.test-financeabike.de *.storyblok.com 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.adyen.com chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.financeabike.de *.test-financeabike.de consent.cookiebot.com *.storyblok.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.financeabike.de *.test-financeabike.de *.storyblok.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.financeabike.de *.test-financeabike.de consentcdn.cookiebot.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' https://*.kxcdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.kxcdn.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://includes.ccdc02.com/cardinalcruise/ https://js.braintreegateway.com https://songbird.cardinalcommerce.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.kxcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; child-src 'self' https://staticxx.facebook.com https://bid.g.doubleclick.net; img-src 'self' data: https:; report-uri /api/v0.1.0/security-report/csp; connect-src 'self' https:; object-src 'self' https://*.kxcdn.com; default-src 'self'; frame-src 'self' https://*.cardinalcommerce.com https://*.kxcdn.com https://assets.braintreegateway.com https://bid.g.doubleclick.net https://checkout.paypal.com https://connect.facebook.net https://staticxx.facebook.com https://www.facebook.com 1
default-src 'self' 'unsafe-inline' data: *.marianatek.com *.cookielaw.org *.chilipiper.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflare.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.licdn.com *.facebook.net *.clarity.ms *.google-analytics.com *.hs-scripts.com *.doubleclick.net https://unpkg.com/;upgrade-insecure-requests; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.gstatic.com *.fontawesome.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de https://mobbex.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.mobbex.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.avada.io *.mobbex.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.googletagmanager.com *.fontawesome.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.google-analytics.com *.google.com *.mobbex.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.klaviyo.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com platform.twitter.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.naturamarket.ca *.pingdom.net *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ pinterest.com assets.pinterest.com syndication.twitter.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.pingdom.net *.klaviyo.com *.pinimg.com *.mczbf.com *.hotjar.com *.tiktok.com *.pinterest.com *.googleapis.com *.addthis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ twitter.com platform.twitter.com www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klaviyo.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.naturamarket.ca *.pingdom.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.pingdom.net *.klaviyo.com *.tiktok.com *.doubleclick.net *.pinterest.com *.googleapis.com *.hotjar.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com chart.googleapis.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl services.gastronovi.com www.googleadservices.com blob: https://cdn.jsdelivr.net https://cdn.kiprotect.com https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl services.gastronovi.com www.google.com googleads.g.doubleclick.net www.recaptcha.net www.googleadservices.com content.syndigo.com js.monitor.azure.com static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net https://cdn.kiprotect.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; base-uri 'self'; frame-ancestors 'self' lpda9f27a988.hana.ondemand.com 1
script-src 'unsafe-hashes' 'sha256-5lSQFTOMNNoGBLbrC6eUxpYeuyBQW52hLO9rR85ASEA=' https: http: 'nonce-r8WYMoDh9a5KWUpKHahM5jO/jyohN8QaAIQTfmzKB1I=' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic';object-src 'none';frame-ancestors 'none';base-uri 'none';report-uri /api/csp-report 1
report-uri /Api/CspReport; report-to csp-endpoint; default-src 'self' 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' *.youtube.com; media-src 'self' *.youtube.com data:; connect-src 'self' *.google-analytics.com adservice.google.com *.googleadservices.com *.paypal.com www.facebook.com bat.bing.com *.doubleclick.net *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; font-src 'self' *.googleapis.com *.gstatic.com *.paypalobjects.com; frame-src 'self' *.facebook.com *.paypalobjects.com *.paypal.com *.youtube.com *.youtube-nocookie.com *.google.com *.amazon.com; img-src 'self' *.googletagmanager.com *.googleapis.com *.gstatic.com *.google-analytics.com *.ytimg.com *.paypal.com *.paypalobjects.com *.facebook.com *.fbcdn.net *.youtube.com *.googleadservices.com *.ssl-images-amazon.com bat.bing.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.facebook.net *.facebook.com *.paypalobjects.com *.paypal.com *.loginwithamazon.com *.google.com bat.bing.com *.affirm.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-Cpz2hT0_grVhWL0Ptn0lfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' wss://ws23.hotjar.com/ https://www.google-analytics.com https://sdir-p-cdnep-apsminsidesjofolk.azureedge.net https://sdir-p-apim-common.azure-api.net https://sdirpstapplication.blob.core.windows.net https://portal.sjofartsdir.no https://api.pirsch.io; script-src https://www.google-analytics.com https://static.hotjar.com https://sdir-p-cdnep-apsminsidesjofolk.azureedge.net https://sdir-p-cdnep-minsidefartoy.azureedge.net https://sdir-p-cdnep-apsminsidekvalifikasjoner.azureedge.net https://sdir-p-cdnep-etingportal.azureedge.net https://sdir-p-cdnep-paymentportal.azureedge.net https://api.pirsch.io 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline' https://sdir-p-cdnep-apsminsidesjofolk.azureedge.net https://sdir-p-cdnep-minsidefartoy.azureedge.net https://sdir-p-cdnep-apsminsidekvalifikasjoner.azureedge.net https://sdir-p-cdnep-etingportal.azureedge.net https://sdir-p-cdnep-paymentportal.azureedge.net 'report-sample'; img-src 'self' https://www.google.no https://www.google.com data: blob:; frame-src 'self' https://sdir-p-apim-common.azure-api.net; report-uri https://gate.rapidsec.net/g/r/csp/935437bd-15fd-48dc-ab1d-930a31146380/0/1/3?sct=4bd0bb63-fc90-40ff-bb6c-4baa452152ba&dpos=report 1
font-src *.cloudflare.com *.bootstrapcdn.com *.twitter.com *.facebook.net *.facebook.com *.projectplanet.us *.braintreegateway.com maxcdn.bootstrapcdn.com *.google.com *.google.co.in *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.gundamplanet.com *.figurise.com *.planetconnection.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com *.gundamplanet.com *.figurise.com *.planetconnection.org 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.twitter.com *.facebook.net https://www.facebook.com *.projectplanet.us *.braintreegateway.com *.youtu.be *.youtube.co https://www.google.com *.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.google.co.in *.gundamplanet.com *.figurise.com *.planetconnection.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.pinterest.com *.paypal.com *.twitter.com *.google.com *.google.co.in *.twimg.com *.projectplanet.us www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.gundamplanet.com *.figurise.com *.planetconnection.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.twimg.com *.fontawesome.com unpkg.com *.facebook.net *.pinterest.com *.paypal.com *.google-analytics.com *.google.com *.projectplanet.us js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.google.co.in *.facebook.com *.googleadservices.com *.gstatic.com *.trustedshops.com *.usercentrics.eu https://connect.facebook.net *.paypalobjects.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.gundamplanet.com *.figurise.com *.planetconnection.org cdn.routeapp.io fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com unpkg.com *.pinterest.com *.twimg.com *.twitter.com *.projectplanet.us maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.gundamplanet.com *.figurise.com *.planetconnection.org fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.facebook.net *.google-analytics.com *.pinterest.com *.paypal.com *.twitter.com *.doubleclick.net *.twimg.com *.projectplanet.us *.braintree-api.com *.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com *.google.co.in *.facebook.com *.gundamplanet.com *.figurise.com *.planetconnection.org api.route.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.gundamplanet.com/; report-to report-endpoint; 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.google.com *.google.ca *.omappapi.com *.hotjar.com *.freshbots.ai *.pusher.com *.freshworksapi.com *.attn.tv *.route.io *.routeapp.io data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.hotjar.com *.paypal.com *.kaptcha.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.nort.ca *.google.com *.google.ca *.bing.com *.facebook.com *.freshbots.ai *.pusher.com *.freshworksapi.com *.attn.tv 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bing.com *.freshbots.ai *.paypal.com *.gstatic.com *.googletagmanager.com *.shopperapproved.com *.tdotperformance.ca *.automotivestuff.com *.nort.ca *.youtube.com *.google.com *.google.ca *.doubleclick.net *.facebook.net *.facebook.com *.hotjar.com *.riskified.com *.clarity.ms *.cloudfront.net *.omappapi.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.attn.tv *.route.io *.routeapp.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.forter.com *.cloudfront.net *.optnmstr.com *.newrelic.com *.hotjar.com *.nr-data.net *.shopperapproved.com *.bing.com *.freshbots.ai *.clarity.ms *.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.addthisedge.com *.moatads.com *.nort.ca *.youtube.com *.google.com *.google.ca *.omappapi.com *.facebook.net *.facebook.com *.riskified.com *.doubleclick.net *.klaviyo.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.noibu.com *.attn.tv *.omniconvert.com *.route.io *.routeapp.io cdn.routeapp.io fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.omappapi.com *.freshbots.ai fonts.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.nort.ca *.google.com *.google.ca *.shopperapproved.com *.klaviyo.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.attn.tv *.route.io *.routeapp.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudfront.net *.forter.com *.omappapi.com *.hotjar.com *.doubleclick.net *.nr-data.net *.shopperapproved.com *.freshbots.ai *.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.nort.ca *.clarity.ms *.youtube.com *.google.com *.google.ca *.facebook.net *.facebook.com *.bing.com *.riskified.com *.klaviyo.com *.crazyegg.com *.hotjar.io *.pusher.com *.freshworksapi.com wss://rts-us.freshworksapi.com wss://ws.hotjar.com *.noibu.com wss://*.noibu.com *.attn.tv events.attentivemobile.com *.omniconvert.com *.route.io *.routeapp.io api.route.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-iSE32Gu_yN-rHLIt_xJspg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-266267d8a6444287a6f2d8114d43ac12' https://www.mybmgchart.com/mychart/Authentication/Login? 'self';img-src https://* 'self' blob: data:;style-src https://www.mybmgchart.com/mychart/Authentication/Login? 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com consentcdn.cookiebot.com imgsct.cookiebot.com www.google-analytics.com cdn.jsdelivr.net cdn.equalweb.com *.gstatic.com cdn.printfriendly.com consent.cookiebot.com romanza-assets.s3.amazonaws.com maxcdn.bootstrapcdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.fontawesome.com *.gstatic.com maxcdn.bootstrapcdn.com static.klaviyo.com acsbapp.com cloud.productimize.com v2.zopim.com data: *.yotpo.com unpkg.com netdna.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.facebook.com globalshopex.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://api.boldcommerce.com *.meetanshi.com https://accounts.google.com https://amc.demdex.net/ *.authorize.net *.hotjar.com h.online-metrix.net imgs.signifyd.com *.facebook.com disqus.com platform.twitter.com www.google.com globalshopex.com email.blauer.com acsbapp.com w3.cdn.anvato.net imgs.cdn-btsg.com td.doubleclick.net/ landofcoder.com *.weltpixel.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com https://static.boldcommerce.com https://static.xx.fbcdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com *.meetanshi.com https://meetanshi.com/media/logo.png 'self' data: *.facebook.com *.google.com *.googleadservices.com *.googletagmanager.com www.facebook.com *.rfksrv.com p.yotpo.com i.imgur.com region1.analytics.google.com *.online-metrix.net v2.zopim.com * *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com f.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com www.gstatic.com https://api.boldcommerce.com https://static.xx.fbcdn.net https://connect.facebook.net cdnjs.cloudflare.com https://cashier.boldcommerce.com/assets/experience/flow_sdk.js s7.addthis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com *.google.com *.authorize.net connect.facebook.net *.googletagmanager.com *.googleadservices.com *.tiktok.com *.klaviyo.com *.hotjar.com script.crazyegg.com seal.digicert.com imgs.signifyd.com region1.analytics.google.com fresnel.vimeocdn.com triggeredmail.appspot.com *.rfksrv.com cdn.scarabresearch.com *.cloudfront.net *.crazyegg.com *.bing.com static.zdassets.com v2.zopim.com seal.websecurity.norton.com *.yotpo.com bam.nr-data.net bam-cell.nr-data.net *.disqus.com *.disquscdn.com platform.twitter.com acsbapp.com z.moatads.com v1.addthisedge.com widget-mediator.zopim.com *.clarity.ms www.bluecore.com wickedreports.com widget.wickedreports.com globalshopex.com *.getattribution.net measure.getattribution.net *.wickedreports.com track.wickedreports.com snap.licdn.com *.zendesk.com *.smooch.io *.cdn-btsg.com/ imgs.cdn-btsg.com px.ads.linkedin.com *.gstatic.com landofcoder.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://static.klaviyo.com https://accounts.google.com/gsi/style https://fonts.googleapis.com/css maxcdn.bootstrapcdn.com *.klaviyo.com netdna.bootstrapcdn.com f.vimeocdn.com c.disquscdn.com/ *.cloudfront.net *.yotpo.com unpkg.com rfk-staticfiles-prod.s3.amazonaws.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com https://api.boldcommerce.com https://api.staging.boldcommerce.com https://cashier.boldcommerce.com https://graph.facebook.com https://secure.boldcommerce.com https://secure.staging.boldcommerce.com ekr.zdassets.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://oauth2.googleapis.com/tokeninfo *.authorize.net *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.clarity.ms *.tiktok.com *.klaviyo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com syndication.twitter.com 21vod-adaptive.akamaized.net player-telemetry.vimeo.com fiddler.brontops.com recommender.scarabresearch.com ekr.zdassets.com wss://widget-mediator.zopim.com imgs.signifyd.com bam.nr-data.net *.crazyegg.com *.yotpo.com *.disqus.com *.bing.com region1.analytics.google.com *.doubleclick.net *.paypal.com *.facebook.com cdn.acsbapp.com bt.signifyd.com bt.signifyd.com:11103 bam-cell.nr-data.net wickedreports.com widget.wickedreports.com *.getattribution.net measure.getattribution.net *.wickedreports.com track.wickedreports.com *.zendesk.com wss://*.zendesk.com *.smooch.io cdn.linkedin.oribi.io imgs.cdn-btsg.com t.elasticsuite.io landofcoder.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.blauer.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://www.welcomeware.live/; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src *; connect-src *; font-src 'self' data: https://fonts.gstatic.com/; media-src *; report-uri *; form-action *; frame-ancestors *; object-src 'none'; frame-src *; worker-src 'self' blob: https://www.adigo.com/; manifest-src *; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals allow-downloads allow-orientation-lock allow-pointer-lock allow-presentation allow-popups-to-escape-sandbox allow-top-navigation allow-top-navigation-by-user-activation; 1
font-src https://*.fontawesome.com https://cdnjs.cloudflare.com https://*.typekit.net https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://*.zuora.com https://*.worldpay.com https://theteachingcompanysalesllc.demdex.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com https://theteachingcompany.d1.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://secureimages.teach12.com https://*.thegreatcoursesplus.com https://prd.jwpltx.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.avada.io https://cdnjs.cloudflare.com https://kit.fontawesome.com https://tags.tiqcdn.com https://cltgtstor001.blob.core.windows.net https://secureimages.teach12.com https://www.gstatic.com https://*.zuora.com https://*.worldpay.com https://*.jwpcdn.com https://*.acsbapp.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.fontawesome.com https://cdnjs.cloudflare.com https://*.typekit.net https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://get.geojs.io *.avada.io https://theteachingcompany.d1.sc.omtrdc.net https://*.fontawesome.com https://*.bitmovin.com https://*.slgnt.us https://*.tgcmag.com https://*.thegreatcourses.com https://link.theplatform.com https://teachco-mp4.akamaized.net https://*.acsbapp.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.com.imgeng.in *.cloudfront.net v1.addthisedge.com block.opendns.com apps.bazaarvoice.com s.ytimg.com *.avmws.com *.google.com *.auryc.com *.bazaarvoice.com *.listrakbi.com services.listrak.com www.gstatic.com cdn.expertvoice.com secure.rock5rice.com pixel.mathtag.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com dmp.truoptik.com xdymhcopnh.execute-api.us-east-1.amazonaws.com www-propper.com.imgeng.in www.googlecommerce.com *.googleadservices.com script.crazyegg.com *.channeladvisor.com *.facebook.net *.ubembed.com *.b1js.com *.callrail.com bat.bing.com googleads.g.doubleclick.net b1img.com *.youtube.com static.doubleclick.net pixel.adacado.com *.googleapis.com www.propper.com s7.addthis.com celebrosnlp.com m.addthis.com www.googletagmanager.com www.adelixir.com staticw2.yotpo.com cdn-vms-video-uploader.yotpo.com bam-cell.nr-data.net cdnapisec.kaltura.com *.youranswer.io support.youramigo.com *.yotpo.com platform.twitter.com propper-search.celebros.com cdn.swellrewards.com *.route.com; report-uri /.webscale/csp-report 1
default-src 'self';     script-src 'self';     style-src 'self';     img-src 'self';     font-src 'self';     connect-src;     media-src 'self';     object-src;     prefetch-src;     frame-src;     worker-src;     frame-ancestors 'self';     form-action;     base-uri; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.gstatic.com data: *.klarnacdn.net *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.ddev.site jsctool.com *.sendinblue.com sibautomation.com *.trbo.com containertags.belboon.com roxxtraxx.de *.ad-srv.net *.klarna.com secure.pay1.de payments.amazon.de www.jsctool.com js.playground.klarna.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.ddev.site *.hammer.de *.hammer-fitness.at *.hammer-fitness.ch *.hammer-traning.se *.trbo.com widgets.trustedshops.com ai.trk42.net *.usercentrics.eu maps.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.ddev.site *.hammer.de *.hammer-fitness.at *.hammer-fitness.ch *.hammer-traning.se *.sendinblue.com sibautomation.com *.emailsys1a.net *.trbo.com *.usercentrics.eu widgets.trustedshops.com content.cptrack.de t.adcell.com l.ecn-ldr.de containertags.belboon.de *.adform.net ai.trk42.net s.retargeted.co pix.hyj.mobi pikkasrv.com analytics.bestofluck.io *.gsitrix.com *.ad-srv.net trk.cytelligence.io tags.srv.stackadapt.com qvdt3feo.com maps.googleapis.com *.klarna.com *.klarnacdn.net *.klarnaservices.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net d.ratepay.com d.payla.io dr.payla.io *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.ddev.site *.hammer.de *.hammer-fitness.at *.hammer-fitness.ch *.hammer-traning.se *.sendinblue.com sibautomation.com maps.googleapis.com *.usercentrics.eu *.econda-monitor.de t.adcell.com *.gsitrix.com analytics.bestofluck.io tags.srv.stackadapt.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://widget.dixa.io https://a.omappapi.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com https://ssl.ditonlinebetalingssystem.dk https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://viewer.ipaper.io https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: https://online.adservicemedia.dk https://consentcdn.cookiebot.com https://www.facebook.com https://adtr.io https://event-client.viabill.com https://vars.hotjar.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com https://gum.criteo.com https://pricetag.viabill.com https://www.addwish.com https://display.ipaper.io https://simplicity.trustpilot.com https://googleads.g.doubleclick.net https://cdn.lightwidget.com http://event.getblue.io www.google.com magento-cloudflare.jetrails.com www.youtube.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com self https://online.adservicemedia.dk https://www.facebook.com https://www.googletagmanager.com https://pushcrew.com https://cdn.pushcrew.com https://*.blog.beautycos.dk https://www.google-analytics.com https://stats.g.doubleclick.net *.google.dk https://www.google.com https://a.klaviyo.com https://dapi.videoly.co https://i.ytimg.com https://dis.criteo.com https://optin-monster.s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://a.omappapi.com https://ssl.gstatic.com https://www.gstatic.com https://lh3.googleusercontent.com https://fonts.gstatic.com *.google.no *.google.se *.google.de *.google.co.uk *.google.com.ua https://d3k81ch9hvuctc.cloudfront.net https://d1pna5l3xsntoj.cloudfront.net *.ipaper.io *.taboola.com https://imgsct.cookiebot.com *.bing.com *.pricerunner.dk *.beautycos.dk https://s.kelkoogroup.net https://cdn.clerk.io *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.facebook.com flagpedia.net https://widgets.trustedshops.com https://integrations.etrusted.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com unsafe-inline https://ipinfo.io https://www.googletagmanager.com https://invitejs.trustpilot.com https://secure.viabill.com https://a.opmnstr.com https://display.ipaper.io https://widget.dixa.io https://connect.facebook.net https://static.hotjar.com https://consent.cookiebot.com https://api.videoly.co https://cdn.pushcrew.com https://online.adservicemedia.dk https://script.hotjar.com https://pricetag.viabill.com https://www.facebook.com https://adtr.io https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://static.criteo.net https://static.klaviyo.com https://fast.a.klaviyo.com https://cdn.ipaper.io https://sslwidget.criteo.com https://d1pna5l3xsntoj.cloudfront.net https://www.addwish.com https://ajax.googleapis.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://dapi.videoly.co https://ssl.ditonlinebetalingssystem.dk https://maps.googleapis.com https://cdn.adt376.net https://cdn.adt311.net https://tagmanager.google.com https://do.beautycos.dk https://to.beautycos.de https://do.beautycos.co.uk https://id.beautycos.se https://pin.beautycos.no https://a.omappapi.com *.taboola.com https://s.kk-resources.com *.bing.com *.getblue.io https://cdn.lightwidget.com cdn.clerk.io https://ai.trk42.net *.videoly.co *.reepay.com https://api.clerk.io https://cdn.clerk.io www.google.com www.gstatic.com https://static-forms.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.facebook.net *.avada.io *.gstatic.com maps.googleapis.com https://widgets.trustedshops.com https://integrations.etrusted.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.pushcrew.com https://static.klaviyo.com https://d1pna5l3xsntoj.cloudfront.net https://tagmanager.google.com https://cdn.ipaper.io *.omappapi.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com https://widget.dixa.io https://*.blog.beautycos.dk https://api.packship.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://api.omappapi.com https://z.omappapi.com https://api.dixa.io wss://sockets.dixa.io https://*.blog.beautycos.dk https://www.google-analytics.com https://stats.g.doubleclick.net https://fast.a.klaviyo.com https://sslwidget.criteo.com https://a.klaviyo.com https://display.ipaper.io https://in.hotjar.com https://www.facebook.com https://vc.hotjar.io https://telemetrics.klaviyo.com https://do.beautycos.dk https://to.beautycos.de https://do.beautycos.co.uk https://id.beautycos.se https://pin.beautycos.no https://api.packship.eu https://invitejs.trustpilot.com https://www.addwish.com https://core.helloretail.com https://a.omappapi.com *.taboola.com *.klaviyo.com https://pagead2.googlesyndication.com *.algolia.io *.bing.com https://s.kelkoogroup.net https://static.klaviyo.com https://static-forms.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.tiktok.com tiktok.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.tiktok.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.klevu.com *.ksearchnet.com *.tiktok.com flagpedia.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com js.klevu.com *.ksearchnet.com *.tiktok.com *.gstatic.com maps.googleapis.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com unsafe-inline assets.braintreegateway.com yotpo.com *.googleapis.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.tiktok.com tiktok.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src *.tiktok.com tiktok.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.klevu.com *.ksearchnet.com *.tiktok.com www.gstatic.com maps.googleapis.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://2d02ba86-f55d-42ab-9b05-087fb2c163a0.sansec.watch/; report-to report-endpoint; 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.travelmoneyoz.com:*; img-src https: blob: data:; font-src https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fcl.cloud https://*.travelmoneyoz.com https://www.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.usabilla.com http://*.usabilla.com https://*.newrelic.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com https://cdn.optimizely.com https://*.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://wisepops.net https://s.pinimg.com https://snap.licdn.com https://googleads.g.doubleclick.net https://accounts.google.com https://*.pinterest.com https://*.evergage.com https://js.adsrvr.org https://static.criteo.net https://flightcentre-webchat.gotbot.co.za https://7226714.collect.igodigital.com https://cdn.pdst.fm https://*.hotjar.com https://tr.snapchat.com https://*.feefo.com https://koi-3qn5erhpry.marketingautomation.services https://cdn.jsdelivr.net https://*.stackla.com https://cdn.cookielaw.org https://sc-static.net https://developer.livehelpnow.net https://cdn.evgnet.com https://maps.googleapis.com https://sdk.joinsherpa.io https://cdn.wisepops.com https://*.quantserve.com https://*.livechatinc.com https://flightcentre.r-cubed.co.uk https://rules.quantcount.com https://*.criteo.com https://code.jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://register.feefo.com https://cdn.cookielaw.org; connect-src https://*.fcl.cloud wss://*.fcl.cloud https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://*.fclmedia.com https://fcl-sydney-geo-7.ent.ap-southeast-2.aws.found.io https://*.launchdarkly.com https://*.optimizely.com *.nr-data.net https://*.fullstory.com https://*.google-analytics.com https://*.google.com https://*.google.com.au https://*.google.ca https://*.google.co.nz https://*.google.co.za https://*.google.co.uk https://*.evergage.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://*.pinterest.com https://*.linkedin.com https://*.outbrain.com https://*.g.doubleclick.net https://wisepops.net https://*.wisepops.com https://*.feefo.com https://cdn.cookielaw.org https://developer.livehelpnow.net https://*.snapchat.com https://www.facebook.com https://bat.bing.com https://*.onetrust.com https://flightcentre.r-cubed.co.uk https://adservice.google.com https://www.google.com https://analytics.google.com https://www.googleadservices.com https://*.browser-intake-datadoghq.com https://*.criteo.com; frame-ancestors *.calypso.net.au *.travelmoneyoz.com; report-uri /api/csp_report?drupal=1; 1
report-uri https://fresh-tracks-canada.uriports.com/reports/report; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-EiEDiexpkmegDR0hqyv3vA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.billboard.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src: https: 1
font-src *.googleapis.com *.gstatic.com *.livechatinc.com email.filmtools.com *.contivio.com *.akamaized.net use.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.shopperapproved.com *.facebook.com email.filmtools.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com *.facebook.com *.eventbrite.com docs.google.com *.livechatinc.com email.filmtools.com *.weltpixel.com *.punchout2go.com *.tradecentric.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca *.trackedlink.net https://www.shopperapproved.com *.payments-amazon.com *.amazon-adsystem.com *.filmtools.com *.facebook.net *.facebook.com maps.googleapis.com maps.gstatic.com *.zmags.com bam.nr-data.net email.filmtools.com *.contivio.com *.shopperapproved.com *.answerbase.com assets.instantsearchplus.com ping-dot-acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.shopperapproved.com https://direct.shopperapproved.com *.livechatinc.com connect.facebook.net *.eventbrite.com *.zmags.com bam.nr-data.net email.filmtools.com *.contivio.com *.shopperapproved.com *.answerbase.com acp-magento.appspot.com ping-dot-acp-magento.appspot.com https://unpkg.com *.punchout2go.com *.tradecentric.com https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.zmags.com email.filmtools.com *.contivio.com *.shopperapproved.com *.answerbase.com *.akamaized.net *.fastsimon.com use.fontawesome.com *.punchout2go.com *.tradecentric.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com email.filmtools.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.doubleclick.net maps.googleapis.com *.zmags.com bam.nr-data.net *.livechatinc.com email.filmtools.com *.shopperapproved.com *.answerbase.com *.akamaized.net *.fastsimon.com https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; object-src 'none'; script-src https://overgrow.com/logs/ https://overgrow.com/sidekiq/ https://overgrow.com/mini-profiler-resources/ https://overgrow.com/assets/ https://overgrow.com/brotli_asset/ https://overgrow.com/extra-locales/ https://overgrow.com/highlight-js/ https://overgrow.com/javascripts/ https://overgrow.com/plugins/ https://overgrow.com/theme-javascripts/ https://overgrow.com/svg-sprite/ 'report-sample' https://grower.cz/piwik/piwik.js https://js.stripe.com/v3/ https://assets.mantisadnetwork.com/mantodea.min.js https://ecs.mantisadnetwork.com/website/ads 'sha256-9MdCJGZqoXb6/d816rvLgJt14oUMkZptgCfncCZfl5k=' https://direct.mantisadnetwork.com/website/ads https://ad.doubleclick.net https://tags.crwdcntrl.net https://tags.crwdcntrl.net/* https://ad.doubleclick.net/*; worker-src 'self' https://overgrow.com/assets/ https://overgrow.com/brotli_asset/ https://overgrow.com/javascripts/ https://overgrow.com/plugins/; report-uri https://overgrow.com/csp_reports 1
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1
default-src 'self' cdn.synthetix.com ssc.synthetix.com;                     img-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.hotjar.io;                     font-src *.gstatic.com *.hotjar.com *.hotjar.io;                     frame-src *.facebook.com *.twitter.com *.hotjar.com *.hotjar.io *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk/ https://wjec-cbac.leadfamly.com/ *.issuu.com/;                     object-src https://wjecwebsitelive.blob.core.windows.net;                     connect-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://*.hotjar.com *.getaddress.io *.analytics.google.com;                     style-src 'self' 'unsafe-inline' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googleapis.com *.cloudfront.net;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googletagmanager.com googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 1
default-src 'self'; img-src * 1
font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.liqui-moly.com liquimoly.cloudimg.io *.twofour.dev data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.twofour.dev 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.google.com/ js.mollie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.liqi-moly.com walls.io *.walls.io *.cookiebot.com *.amazon-adsystem.com insight.adsrvr.org *.facebook.com *.twofour.dev 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com https://www.mollie.com *.cloudimg.io *.liqi-moly.com liquimoly.cloudimg.io *.google.de *.google.com *.facebook.com *.twofour.dev data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com/ js.mollie.com liquimoly.cloudimg.io *.scaleflex.it *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.liqi-moly.com walls.io *.walls.io *.cookiebot.com *.google-analytics.com *.googleadservices.com maps.googleapis.com googleapis.com connect.facebook.net service.liqui-moly.de *.twofour.dev 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.liqui-moly.com walls.io *.walls.io liquimoly.cloudimg.io *.twofour.dev 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.liqi-moly.com walls.io *.walls.io *.cookiebot.com *.analytics.google.com *.twofour.dev 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com www.marijuana-seeds.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://r1.dmtrk.net/signup.ashx *.yotpo.com www.marijuana-seeds.nl 'self' 'unsafe-inline'; frame-ancestors www.marijuana-seeds.nl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://r1-t.trackedlink.net https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com *.freshchat.com https://cdn.euc-freshbots.ai *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com www.marijuana-seeds.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io validate.fishpig.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.kaltura.com https://www.gravatar.com *.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com www.marijuana-seeds.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://r1-t.trackedlink.net *.nosto.com https://stats.g.doubleclick.net https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com https://static.addtoany.com https://cdn.euc-freshbots.ai https://wchat.eu.freshchat.com *.cloudflare.com https://staticw2.yotpo.com *.mantisadnetwork.com *.crazyegg.com *.facebook.com *.kaltura.com *.freshrelevance.com *.cloudfront.net *.clarity.ms *.freshchat.com https://eu.fw-cdn.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com www.marijuana-seeds.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://cdn.euc-freshbots.ai *.freshchat.com https://eu.fw-cdn.com https://cdn.jsdelivr.net tagmanager.google.com *.yotpo.com *.googleapis.com www.marijuana-seeds.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.youtube.com *.marijuana-seeds.nl www.marijuana-seeds.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://r1-t.trackedlink.net *.nosto.com https://cdn.euc-freshbots.ai https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://wchat.eu.freshchat.com https://assetscdn-wchat.eu.freshchat.com https://stats.addtoany.com *.crazyegg.com wss://am.freshrelevance.com *.freshrelevance.com https://c8.dycdn.net/ https://dn1i8v75r669j.cloudfront.net *.clarity.ms *.freshchat.com https://eu.fw-cdn.com *.yotpo.com www.marijuana-seeds.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.marijuana-seeds.nl http: https: blob: 'self' 'unsafe-inline'; default-src www.marijuana-seeds.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com logs1412.xiti.com *.adnxs.com *.criteo.com *.outbrain.com *.pubmatic.com visitor.omnitagjs.com ad.360yield.com match.sharethrough.com ad.tpmn.co.kr www.googletagmanager.com *.tiktok.com *.clarity.ms www.bateauxparisiens.com *.smartadserver.com tapestry.tapad.com cdn.cookielaw.org analytics.google.com ade.clmbtech.com trends.revcontent.com partner.mediawallahscript.com *.doubleclick.net tag.aticdn.net *.taboola.com sync.1rx.io *.facebook.com *.bidswitch.net *.rubiconproject.com sync.aralego.com jadserve.postrelease.com adservice.google.com *.onetrust.com *.gstatic.com www.youtube.com www.google.com *.zemanta.com s.ad.smaato.net www.google.fr e1.emxdgt.com *.googleadservices.com c.bing.com region1.analytics.google.com criteo-partners.tremorhub.com *.casalemedia.com eb2.3lift.com *.facebook.net sync-criteo.ads.yieldmo.com *.googlesyndication.com ads.stickyadstv.com exchange.mediavine.com *.criteo.net i.liadm.com contextual.media.net criteo-sync.teads.tv ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.awin1.com *.zenaps.com *.fls.doubleclick.net https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://images.unsplash.com *.awin1.com *.zenaps.com *.wepowerconnections.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://polyfill-fastly.io https://browser.sentry-cdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.adyen.com *.wepowerconnections.com https://the.sciencebehindecommerce.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://*.ingest.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src ; connect-src 'self' analytics.google.com analytics.tiktok.com *.bellhop.com *.bellhops.dev api.omappapi.com api.segment.io api-js.mixpanel.com api-us-east-1.graphcms.com bat.bing.com bellhop.extole.io *.clarity.ms *.fullstory.com cdn.segment.com ct.pinterest.com *.growthbook.io *.ingest.sentry.io *.intercom.io nexus-websocket-a.intercom.io maps.googleapis.com pnapi.invoca.net *.shop.pe stats.g.doubleclick.net www.google-analytics.com *.taboola.com *.zdassets.com bellhop.zendesk.com; default-src ; font-src 'self' fonts.gstatic.com js.intercomcdn.com; form-action ct.pinterest.com www.facebook.com; frame-src bid.g.doubleclick.net td.doubleclick.net ct.pinterest.com js.stripe.com www.facebook.com; img-src 'self' ag.innovid.com analytics.twitter.com apolloprogram.io b1sync.zemanta.com bat.bing.com c.us1.dyntrk.com cm.adgrx.com cm.eyereturn.com cmi.netseer.com ct.pinterest.com d.adroll.com flask.nextdoor.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com js.intercomcdn.com *.loggly.com load.instinctiveads.com media.graphassets.com media.graphcms.com origin.xtlo.net p.truefitcorp.com pippio.com secure.insightexpressai.com segments.company-target.com static.intercomassets.com su.addthis.com sync.smartadserver.com t.co track2.securedvisit.com ups.analytics.yahoo.com us-u.openx.net vop.sundaysky.com wam.solution.weborama.fr www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.storygize.net x.bidswitch.net x.skimresources.com; manifest-src 'self'; media-src ; script-src 'unsafe-eval' 'unsafe-inline'; script-src-attr ; script-src-elem 'self' 'unsafe-inline' a.omappapi.com *.adroll.com addshoppers.s3.amazonaws.com ads.nextdoor.com analytics.tiktok.com bat.bing.com bellhop.extole.io cdn.segment.com connect.facebook.net d.impactradius-event.com edge.fullstory.com googleads.g.doubleclick.net js.intercomcdn.com js.stripe.com maps.googleapis.com pnapi.invoca.net s.pinimg.com shop.pe *.shop.pe solutions.invocacdn.com static.ads-twitter.com *.taboola.com widget.intercom.io www.clarity.ms www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.zdassets.com; style-src ; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' a.omappapi.com fonts.googleapis.com origin.xtlo.net; worker-src ; 1
default-src 'self';style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://cdn.matomo.cloud https://hensoldt.nanorep.co https://www.googletagmanager.com https://www.google-analytics.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://e2eg.co.uk https://www.buzzsprout.com https://*.addthis.com https://z.moatads.com https://*.addthisedge.com; img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://a.delivery.consentmanager.net https://delivery.consentmanager.net https://cdn.consentmanager.net https://www.kununu.com https://*.amazonaws.com data:; frame-src https://cdn.consentmanager.net https://www.youtube.com https://www.youtube-nocookie.com https://www.buzzsprout.com https://*.addthis.com; connect-src 'self' https://hensoldt.matomo.cloud https://hensoldt.nanorep.co https://visitor-services.nanorep.com https://m.addthis.com; object-src 'none'; report-uri /csp.php 1
base-uri 'self';  default-src 'self';  object-src 'none';  script-src 'self' https: https://cdn.hu-manity.co https://fast.wistia.com https://goto.corebts.com https://js.hscta.net https://js.hsforms.net https://maps.googleapis.com https://meet.jit.si https://platform.twitter.com https://player.vimeo.com https://www.googletagmanager.com; style-src 'self' https: https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' https: https://fast.wistia.com https://no-cache.hubspot.com https://secure.gravatar.com; font-src 'self' https: https://cdnjs.cloudflare.com; frame-src 'self' https: https://corebtsinc.applytojob.com https://player.vimeo.com https://www.google.com https://www.googletagmanager.com; 1
base-uri 'self'; default-src 'self' data: https: wss:; frame-ancestors 'self'; frame-src https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://ct.pinterest.com https://*.stripe.com https://stripe.com https://*.youtube.com https://youtube.com https://www.facebook.com https://player.vimeo.com; form-action 'self' https://*.facebook.com; block-all-mixed-content true; script-src 'nonce-MzEzUVQzNUhPNDgrSiotdERIbFZOMmpKNy1rbytCdUg=' https://www.preplounge.com 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'self' data: https: wss: 'unsafe-inline'; img-src * data: blob:; connect-src 'self' https: wss: blob:; worker-src blob:; report-uri /en/misc/csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' https:; font-src 'self' use.typekit.net/af/ d1p8b7m2zl7a4f.cloudfront.net d2e0vf92j9kzr0.cloudfront.net/ cdn.myalex.com/ localhost:* host.docker.internal:* data:; img-src 'self' https: d2e0vf92j9kzr0.cloudfront.net/ d1p8b7m2zl7a4f.cloudfront.net cdn.usersnap.com/classic/ localhost:* host.docker.internal:* data:; object-src 'none'; script-src 'self' https: d2e0vf92j9kzr0.cloudfront.net/ d1p8b7m2zl7a4f.cloudfront.net cdn.usersnap.com/classic/ chat.myalex.com/widget.js localhost:* host.docker.internal:* 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: localhost:* host.docker.internal:* p.typekit.net/p.css d2e0vf92j9kzr0.cloudfront.net/ data: d1p8b7m2zl7a4f.cloudfront.net use.typekit.net/nwy7lbs.css cdn.myalex.com/ 'unsafe-inline'; frame-src 'self' https: login.myalex.com localhost:* host.docker.internal:* chat.datatrough.com/; connect-src 'self' https: localhost:* host.docker.internal:* ingest-dev.jellydevs.com/ data: audio.myalex.com/ d2e0vf92j9kzr0.cloudfront.net d1p8b7m2zl7a4f.cloudfront.net; media-src 'self' https: d1p8b7m2zl7a4f.cloudfront.net d2e0vf92j9kzr0.cloudfront.net/; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=952b0e8e&env=production 1
object-src 'none';base-uri 'self';script-src 'nonce-fR9q83upQ6ZnJIXYFyYwCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.sentry-cdn.com *.googletagmanager.com *.youtube.com *.doubleclick.net *.google.com formalyzer.com tracking.leadlander.com fonts.gstatic.com t.sf14g.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.google-analytics.com player.vimeo.com 1
default-src 'self' ;             base-uri 'self' ;             object-src 'none' ;             script-src 'self' 'unsafe-eval' 'nonce-XFJGDRhmjsUnBbd7yz11xQ==' *.googleapis.com *.baidu.com *.zohocdn.com *.cloudfront.net *.googletagmanager.com *.youtube.com ;             connect-src 'self' *.googleapis.com *.google-analytics.com ws: data: ;             font-src 'self' *.gstatic.com *.zohowebstatic.com *.zohostatic.com *.zohocdn.com data:  ;             style-src 'self' 'unsafe-inline' *.zoho.com *.zohocdn.com ;             frame-src 'self' * ;             img-src 'self' *.ytimg.com *.zohoexternal.com *.zohocdn.com data: 1
script-src 'nonce-6Laqu7iW1l3oVR1pDG/wiz27Q3S1LM6D' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: *.klarnacdn.net *.photoslurp.com *.klaviyo.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.google.com *.facebook.com *.pinterest.com *.doubleclick.net *.googlesyndication.com *.klarnaservices.com *.cookiebot.com *.paypalobjects.com *.klarna.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.google.com *.google.lv *.google.com.eg *.googletagmanager.com *.bing.com *.facebook.com *.pinterest.com *.clarity.ms *.linkedin.com *.doubleclick.net *.photoslurp.com *.googlesyndication.com formfacade.com *.sciconsports.com *.cookiebot.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.googleapis.com *.google.com *.gstatic.com *.google.lv *.fittingbox.com *.klarnaservices.com *.licdn.com *.googletagmanager.com *.googlesyndication.com *.photoslurp.com *.hotjar.com *.bing.com *.facebook.net *.clarity.ms *.googleadservices.com formfacade.com *.klarna.com *.cookiebot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.klarnacdn.net *.photoslurp.com formfacade.com *.klaviyo.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.paypal.com *.pinterest.com *.googleapis.com *.clarity.ms *.google-analytics.com *.photoslurp.com *.google.com *.doubleclick.net *.klarnaservices.com *.googlesyndication.com formfacade.com *.firebaseio.com *.sciconsports.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.linkedin.com *.klarna.com *.klarnaevt.com *.cookiebot.com *.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.visionme.de https://cdnjs.cloudflare.com https://js.hs-scripts.com https://maps.googleapis.com https://unpkg.com https://www.google.com js-eu1.hs-scripts.com localhost:35729 unpkg.com; script-src-attr 'self'; style-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.visionme.de https://cdnjs.cloudflare.com https://unpkg.com unpkg.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
connect-src 'self' 'report-sample' data: blob: ws: wss: wss://stream.preenviron.com https://ekr.zdassets.com https://mc.yandex.com https://d.adroll.com https://analytics.google.com https://mc.yandex.com https://wa.appsflyer.com https://www.google.com.hk wss://stream.preenviron.com https://mc.yandex.com https://mc.yandex.com https://stats.g.doubleclick.net https://wa.onelink.me https://www.google.com.tr https://www.google.com.my https://cointrcom.zendesk.com https://infragrid.v.network;frame-src 'self' 'report-sample' blob: data: https://pixel.mathtag.com https://mc.yandex.com https://x.adroll.com https://td.doubleclick.net https://api.sumsub.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://static.zdassets.com https://dn-staticdown.qbox.me https://static.geevisit.com https://static.geetest.com;report-uri https://6524fd030fcafd85d341f230.endpoint.csper.io?v=5; 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::BPROD_3_9_3_BOTTOMDETAIL 1
default-src 'self' *.ctfassets.net *.trackjs.com *.demdex.net; font-src 'self' *.gstatic.com; img-src 'self' *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net *.gstatic.com data: *.onetrust.com cm.everesttech.net *.googleapis.com; connect-src 'self' *.go-mpulse.net cdn-ukwest.onetrust.com trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io *.demdex.net costalimited.d3.sc.omtrdc.net *.onetrust.io *.trackjs.com maps.googleapis.com; script-src 'self'; script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com maps.googleapis.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; script-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://costa.report-uri.com/r/t/csp/reportOnly; report-to default 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.cookielaw.org *.dhl.com *.obi4wan.com cdnjs.cloudflare.com *.jsdelivr.net unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.jsdelivr.net cdnjs.cloudflare.com; img-src 'self' data: *.cookielaw.org; media-src 'self' *.youtube.com; frame-src 'self' *.google.com *.googletagmanager.com *.dhl.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' *.googleusercontent.com; connect-src 'self' *.cookielaw.org *.dhl.com *.onetrust.com  *.obi4wan.com *.obi4wan.ai; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.google.com *.google.co.uk *.googletagmanager.com *.google-analytics.com fitchconnect.piwikpro.com fitchconnect.piwik.pro cdn.polyfill.io *.brightcove.net munchkin.market.net your.fitchratings.com *.evidon.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.clearbitscripts.com *.clearbit.com *.idio.co chart-studio.plotly.com public.flourish.studio app.fitchconnect-stg.com *.fitchconnect.com *.fitch.group *.jotjar.com vjs.zencdn.net *.mktorest.com *.clearbitjs.com *.ads-twitter.com *.googleadservices.com googleads.g.doubleclick.net *.linkedin.com *.ads.linkedin.com *.amazonaws.com *.google-analytics.com *.analytics.google.com *.twitter.com *.facebook.com *.linkedin.com *.youtube.com *.googleapis.com *.facebook.net *.evidon.com *.crwdcntrl.net *.addtoany.com cdn.jsdelivr.net bat.bing.com snap.licdn.com hm.baidu.com *.ads-twitter.com script.crazyegg.com *.hotjar.com *.marketo.net *.funnelenvy.com *.ctnsnet.com *.typekit.net *.woopra.com consentag.eu; object-src 'self'; style-src 'self' 'unsafe-inline' https: blob: *.amazonaws.com *.googleapis.com *.googletagmanager.com your.fitchratings.com fonts.googleapis.com *.fitch.group *.hotjar.com; img-src 'self' 'unsafe-inline' https: blob: data: *.amazonaws.com *.doubleclick.net *.google-analytics.com *.google.com *.google.co.in *.google.de *.google.co.jp *.google.co.uk *.google.fr *.google.com.br *.google.it *.google.es *.google.com.mx *.google.ca *.google.com.au *.google.com.tr *.google.nl *.google.pl *.google.co.id *.google.com.ar *.google.com.sa *.google.com.eg *.google.co.th *.google.com.my *.google.co.za *.google.com.sg *.google.com.tw *.google.be *.google.com.ua *.google.se *.google.ch *.google.at *.google.com.co *.google.pt *.google.dk *.google.fi *.google.no *.google.gr *.google.hu *.google.cz *.google.ro; media-src 'self' *.youtube.com; frame-src 'self' 'unsafe-inline' *.brightcove.net *.doubleclick.net vars.hotjar.com *.addtoany.com *.facebook.com bid.g.doubleclick.net *.fls.doubleclick.net *.fitchratings.com *.evidon.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com your.fitch.group flo.uri.sh plotly.com chart-studio.plotly.com fitchgroup.eu.qualtrics.com indd.adobe.com *.hotjar.com bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net i.ctnsnet.com tags.crwdcntrl.net px.ads.linkedin.com *.gtm.js i.ctnsnet.com *.googletagmanager.com *.flashtalking.com *.lpsnmedia.net consentag.eu; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' https: data: *.fitchratings.com fonts.gstatic.com *.hotjar.com; connect-src 'self' https: blob: wss: *.doubleclick.net *.funnelenvy.com *.hotjar.com *.mktoresp.com bat.bing.com *.ipinfo.io *.google-analytics.com notify.bugsnag.com https://a.clarity.ms *.linkedin.oribi.io *.googletagmanager.com *.fitchratings.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.google.com *.google.co.uk *.twitter.com fonts.googleapis.com *.piwikpro.com *.piwik.pro snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.analytics.google.com *.mktorest.com *.clearbit.com td.doubleclick.net i.ctnsnet.com tags.crwdcntrl.net px.ads.linkedin.com *.gtm.js i.ctnsnet.com *.google.co.in *.google.de *.google.co.jp *.google.fr *.google.com.br *.google.it *.google.es *.google.com.mx *.google.ca *.google.com.au *.google.com.tr *.google.nl *.google.pl *.google.co.id *.google.com.ar *.google.com.sa *.google.com.eg consentag.eu; report-uri /report-csp-violation 1
default-src 'self'; script-src 'nonce-KjlwR0pVUGk3YkR1dFRBV2ZmIUo=' 'self' inline 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://cse.google.com https://connect.facebook.net; script-src-attr 'self' 'unsafe-inline' inline; style-src 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline' inline; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://region1.analytics.google.com https://region1.google-analytics.com https://www.google-analytics.com https://analytics.google.com https://www.google.ch https://www.google.nl https://www.google.it https://www.google.fr https://www.googletagmanager.com https://stats.g.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://ige.prospective.ch https://td.doubleclick.net; img-src 'self' data: https://www.google.ch https://www.googletagmanager.com https://www.google-analytics.com https://www.google.de https://www.google.it https://i.ytimg.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri /CspReportLogger.php 1
frame-src 'self' static.addtoany.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js cdn.jsdelivr.net https://cdn.jsdelivr.net mdbootstrap.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com mdbootstrap.com use.fontawesome.com; frame-ancestors 'self' static.addtoany.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: adservice.google.com apikeys.civiccomputing.com *.googleapis.com secure.golp4elik.com *.gstatic.com www.google.com cdn.jsdelivr.net *.doubleclick.net www.googletagmanager.com *.linkedin.com region1.analytics.google.com analytics.google.com *.licdn.com cc.cdn.civiccomputing.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com cdn.bestheating.com cdn.bestheating.ie cdn.bigbathroomshop.co.uk cdn.bigbathroomshop.ie cdnes.hudsonreed.com cdnit.hudsonreed.com cdn.de.hudsonreed.com cdn.fr.hudsonreed.com cdn.nl.hudsonreed.com cdn.usa.hudsonreed.com cdn.bhuk.magestage.co.uk cdn.bhie.magestage.co.uk cdn.bbsuk.magestage.co.uk cdn.bbsie.magestage.co.uk cdn.hres.magestage.co.uk cdn.hrit.magestage.co.uk cdn.hrde.magestage.co.uk cdn.hrfr.magestage.co.uk cdn.hrnl.magestage.co.uk cdn.hrus.magestage.co.uk cdn.bhuk.magedev6.co.uk cdn.bhie.magedev6.co.uk cdn.bbsuk.magedev6.co.uk cdn.bbsie.magedev6.co.uk cdn.hres.magedev6.co.uk cdn.hrit.magedev6.co.uk cdn.hrde.magedev6.co.uk cdn.hrfr.magedev6.co.uk cdn.hrnl.magedev6.co.uk cdn.hrus.magedev6.co.uk *.sirv.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cdn.bestheating.com cdn.bestheating.ie cdn.bigbathroomshop.co.uk cdn.bigbathroomshop.ie cdnes.hudsonreed.com cdnit.hudsonreed.com cdn.de.hudsonreed.com cdn.fr.hudsonreed.com cdn.nl.hudsonreed.com cdn.usa.hudsonreed.com cdn.bhuk.magestage.co.uk cdn.bhie.magestage.co.uk cdn.bbsuk.magestage.co.uk cdn.bbsie.magestage.co.uk cdn.hres.magestage.co.uk cdn.hrit.magestage.co.uk cdn.hrde.magestage.co.uk cdn.hrfr.magestage.co.uk cdn.hrnl.magestage.co.uk cdn.hrus.magestage.co.uk cdn.bhuk.magedev6.co.uk cdn.bhie.magedev6.co.uk cdn.bbsuk.magedev6.co.uk cdn.bbsie.magedev6.co.uk cdn.hres.magedev6.co.uk cdn.hrit.magedev6.co.uk cdn.hrde.magedev6.co.uk cdn.hrfr.magedev6.co.uk cdn.hrnl.magedev6.co.uk cdn.hrus.magedev6.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.google.co.uk *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.bestheating.com cdn.bestheating.ie cdn.bigbathroomshop.co.uk cdn.bigbathroomshop.ie cdnes.hudsonreed.com cdnit.hudsonreed.com cdn.de.hudsonreed.com cdn.fr.hudsonreed.com cdn.nl.hudsonreed.com cdn.usa.hudsonreed.com cdn.bhuk.magestage.co.uk cdn.bhie.magestage.co.uk cdn.bbsuk.magestage.co.uk cdn.bbsie.magestage.co.uk cdn.hres.magestage.co.uk cdn.hrit.magestage.co.uk cdn.hrde.magestage.co.uk cdn.hrfr.magestage.co.uk cdn.hrnl.magestage.co.uk cdn.hrus.magestage.co.uk cdn.bhuk.magedev6.co.uk cdn.bhie.magedev6.co.uk cdn.bbsuk.magedev6.co.uk cdn.bbsie.magedev6.co.uk cdn.hres.magedev6.co.uk cdn.hrit.magedev6.co.uk cdn.hrde.magedev6.co.uk cdn.hrfr.magedev6.co.uk cdn.hrnl.magedev6.co.uk cdn.hrus.magedev6.co.uk *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.doubleclick.net stats.g.doubleclick.net https://bat.bing.com www.facebook.com connect.facebook.net www.gstatic.com services.postcodeanywhere.co.uk csi.gstatic.com *.sirv.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.onetrust.com www.googleadservices.com www.google-analytics.com unsafe-inline googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com cdn.bestheating.com cdn.bestheating.ie cdn.bigbathroomshop.co.uk cdn.bigbathroomshop.ie cdnes.hudsonreed.com cdnit.hudsonreed.com cdn.de.hudsonreed.com cdn.fr.hudsonreed.com cdn.nl.hudsonreed.com cdn.usa.hudsonreed.com cdn.bhuk.magestage.co.uk cdn.bhie.magestage.co.uk cdn.bbsuk.magestage.co.uk cdn.bbsie.magestage.co.uk cdn.hres.magestage.co.uk cdn.hrit.magestage.co.uk cdn.hrde.magestage.co.uk cdn.hrfr.magestage.co.uk cdn.hrnl.magestage.co.uk cdn.hrus.magestage.co.uk cdn.bhuk.magedev6.co.uk cdn.bhie.magedev6.co.uk cdn.bbsuk.magedev6.co.uk cdn.bbsie.magedev6.co.uk cdn.hres.magedev6.co.uk cdn.hrit.magedev6.co.uk cdn.hrde.magedev6.co.uk cdn.hrfr.magedev6.co.uk cdn.hrnl.magedev6.co.uk cdn.hrus.magedev6.co.uk *.visualwebsiteoptimizer.com *.google.com *.googlecommerce.com bat.bing.com connect.facebook.net unpkg.com app.digitalbridgehq.com s.pinimg.com ct.pinterest.com trues11114.pcapredict.com services.postcodeanywhere.co.uk secure.cimg.leguide.com s.kk-resources.com storage.googleapis.com *.sirv.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typekit.net *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com cdn.bestheating.com cdn.bestheating.ie cdn.bigbathroomshop.co.uk cdn.bigbathroomshop.ie cdnes.hudsonreed.com cdnit.hudsonreed.com cdn.de.hudsonreed.com cdn.fr.hudsonreed.com cdn.nl.hudsonreed.com cdn.usa.hudsonreed.com cdn.bhuk.magestage.co.uk cdn.bhie.magestage.co.uk cdn.bbsuk.magestage.co.uk cdn.bbsie.magestage.co.uk cdn.hres.magestage.co.uk cdn.hrit.magestage.co.uk cdn.hrde.magestage.co.uk cdn.hrfr.magestage.co.uk cdn.hrnl.magestage.co.uk cdn.hrus.magestage.co.uk cdn.bhuk.magedev6.co.uk cdn.bhie.magedev6.co.uk cdn.bbsuk.magedev6.co.uk cdn.bbsie.magedev6.co.uk cdn.hres.magedev6.co.uk cdn.hrit.magedev6.co.uk cdn.hrde.magedev6.co.uk cdn.hrfr.magedev6.co.uk cdn.hrnl.magedev6.co.uk cdn.hrus.magedev6.co.uk *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io services.postcodeanywhere.co.uk *.sirv.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.bestheating.com cdn.bestheating.ie cdn.bigbathroomshop.co.uk cdn.bigbathroomshop.ie cdnes.hudsonreed.com cdnit.hudsonreed.com cdn.de.hudsonreed.com cdn.fr.hudsonreed.com cdn.nl.hudsonreed.com cdn.usa.hudsonreed.com cdn.bhuk.magestage.co.uk cdn.bhie.magestage.co.uk cdn.bbsuk.magestage.co.uk cdn.bbsie.magestage.co.uk cdn.hres.magestage.co.uk cdn.hrit.magestage.co.uk cdn.hrde.magestage.co.uk cdn.hrfr.magestage.co.uk cdn.hrnl.magestage.co.uk cdn.hrus.magestage.co.uk cdn.bhuk.magedev6.co.uk cdn.bhie.magedev6.co.uk cdn.bbsuk.magedev6.co.uk cdn.bbsie.magedev6.co.uk cdn.hres.magedev6.co.uk cdn.hrit.magedev6.co.uk cdn.hrde.magedev6.co.uk cdn.hrfr.magedev6.co.uk cdn.hrnl.magedev6.co.uk cdn.hrus.magedev6.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.onetrust.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.google.co.uk vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cdn.bestheating.com cdn.bestheating.ie cdn.bigbathroomshop.co.uk cdn.bigbathroomshop.ie cdnes.hudsonreed.com cdnit.hudsonreed.com cdn.de.hudsonreed.com cdn.fr.hudsonreed.com cdn.nl.hudsonreed.com cdn.usa.hudsonreed.com cdn.bhuk.magestage.co.uk cdn.bhie.magestage.co.uk cdn.bbsuk.magestage.co.uk cdn.bbsie.magestage.co.uk cdn.hres.magestage.co.uk cdn.hrit.magestage.co.uk cdn.hrde.magestage.co.uk cdn.hrfr.magestage.co.uk cdn.hrnl.magestage.co.uk cdn.hrus.magestage.co.uk cdn.bhuk.magedev6.co.uk cdn.bhie.magedev6.co.uk cdn.bbsuk.magedev6.co.uk cdn.bbsie.magedev6.co.uk cdn.hres.magedev6.co.uk cdn.hrit.magedev6.co.uk cdn.hrde.magedev6.co.uk cdn.hrfr.magedev6.co.uk cdn.hrnl.magedev6.co.uk cdn.hrus.magedev6.co.uk *.visualwebsiteoptimizer.com app.vwo.com https://bat.bing.com *.doubleclick.net stats.g.doubleclick.net eu.prd.ar.digitalbridgehq.com eu.prd.impact.fixtuur.com ct.pinterest.com services.postcodeanywhere.co.uk eu.events.digitalbridgehq.com pagead2.googlesyndication.com region1.google-analytics.com *.sirv.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: unifi.com.my *.clarity.ms c.bing.com www.google.com www.google.com.sg *.outbrain.com *.tiktok.com home.unifi.com.my *.googleapis.com rs.fullstory.com edge.fullstory.com www.googletagmanager.com www.youtube.com cdn-geoweb.s3.amazonaws.com *.gstatic.com rewards.unifi.com.my secure.quantserve.com prreqcroab.icu cdn.moengage.com www.google-analytics.com rules.quantcount.com sites estore.unifi.com.my *.doubleclick.net *.facebook.com *.facebook.net fonts.bunny.net cdnjs.cloudflare.com adservice.google.com pixel.quantserve.com analytics.google.com unpkg.com www.blacknut.com playtv.unifi.com.my:7047 app-cdn.moengage.com www.google.com.my image.moengage.com *.googleadservices.com sdk-01.moengage.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.klarnacdn.net https://geowidget.easypack24.net *.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com cdn.thulium.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ pay.google.com play.google.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.klarna.com https://www.googletagmanager.com/ https://geowidget-app.inpost.pl/ *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.kratki.com *.cookiebot.com pudofinder.dpd.com.pl *.pinterest.com *.ceneo.pl *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com testimages.autopay.eu images.autopay.eu *.klarna.com *.klarnaevt.com *.klarnacdn.net https://cdn.flbx.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: *.cookiebot.com *.clarity.ms *.bing.com *.kratki.com *.google.pl *.facebook.com *.google.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ testcards.autopay.eu cards.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com *.klarna.com *.klarnacdn.net *.snrbox.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ cdnjs.cloudflare.com s7.addthis.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.link.com *.kratki.com cdn.thulium.com *.cookiebot.com *.cloudfront.net *.clarity.ms *.googleapis.com *.ceneo.pl *.cloudflareinsights.com *.facebook.net s.pinimg.com bat.bing.com analytics.tiktok.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.googleapis.com *.snrcdn.net *.klarnacdn.net https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com *.stripe.network *.stripecdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://geowidget.easypack24.net cdn.thulium.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.klarnaevt.com *.snrbox.com https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.link.com *.kratki.com *.googlesyndication.com *.clarity.ms cdn.thulium.com *.googleapis.com *.google.com *.doubleclick.net *.pinterest.com analytics.tiktok.com *.cookiebot.com google.com *.bing.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; child-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; frame-ancestors 'self'; font-src * data:; report-uri /csp_report; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://d1givitoj7uukl.cloudfront.net http://cdnjs.cloudflare.com https://static.dhlparcel.nl https://shoesme.b-cdn.net https://*.hotjar.com https://v2.zopim.com www.shoesme.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.shoesme.nl 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.shoesme.nl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://consentcdn.cookiebot.com https://vars.hotjar.com https://ct.pinterest.com https://www.sovendus-connect.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com *.criteo.com www.shoesme.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com validate.fishpig.co.uk https://www.mollie.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://* www.shoesme.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://snapppt.com https://cdn.snapppt.com https://api.snapppt.com https://cdn.addsauce.com https://app.addsauce.com https://api.addsauce.com http://cdnjs.cloudflare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://static.dhlparcel.nl https://maps.googleapis.com https://pagead2.googlesyndication.com https://shoesme.b-cdn.net https://bat.bing.com https://www.clarity.ms https://*.hotjar.com https://s.pinimg.com https://v2.zopim.com https://static.zdassets.com https://www.dwin1.com https://api.sovendus.com www.shoesme.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://d1givitoj7uukl.cloudfront.net https://static.dhlparcel.nl https://shoesme.b-cdn.net https://*.hotjar.com www.shoesme.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.shoesme.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com autocomplete2.postdirekt.de https://stats.g.doubleclick.net https://snapppt.com https://app.addsauce.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://shoesme.b-cdn.net https://ekr.zdassets.com https://ct.pinterest.com https://bat.bing.com https://*.clarity.ms wss://widget-mediator.zopim.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://identification-api.sovendus.com https://press-tracking-api.sovendus.com the.sciencebehindecommerce.com www.shoesme.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.shoesme.nl http: https: blob: 'self' 'unsafe-inline'; default-src www.shoesme.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'report-sample' charanga.com charanga.com *.charanga.com *.charangascotland.co.uk *.charanga.in *.charanga.scot www.musicservice.wales www.gwasanaethcerdd.cymru *.charanga.dk www.musicfirstelementary.com www.charangamusicworld.co.uk d790nkh1vapup.cloudfront.net data: blob: 'unsafe-eval' 'unsafe-inline' *.stripe.com soundation4education.com *.soundation4education.com *.twitter.com cdn.syndication.twimg.com pbs.twimg.com rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com *.mapquestapi.com *.mqcdn.com *.tiles.mapbox.com *.mapquest.com *.tiles.mapquest.com *.typekit.net whereby.com *.whereby.com *.srv.whereby.com wss://*.sfu.whereby.com *.turn.whereby.com whitehatjr.com api.amplitude.com api.appearin.net  stats.g.doubleclick.net *.google.com *.google.co.uk *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com fonts.googleapis.com fonts.gstatic.com *.gstatic.com *.googleapis.com *.facebook.com *.xx.fbcdn.net *.facebook.net *.youtube-nocookie.com *.youtube.com *.ytimg.com *.bing.com *.clarity.ms cdnjs.cloudflare.com *.vimeo.com *.vimeocdn.com *.gravatar.com *.tile.openstreetmap.org maxcdn.bootstrapcdn.com *.soundcloud.com ms-appx-web: ; object-src charanga.com charanga.com *.charanga.com *.charangascotland.co.uk *.charanga.in *.charanga.scot www.musicservice.wales www.gwasanaethcerdd.cymru *.charanga.dk www.musicfirstelementary.com www.charangamusicworld.co.uk; img-src 'self' * data: blob: ; frame-ancestors charanga.com charanga.com *.charanga.com *.charangascotland.co.uk *.charanga.in *.charanga.scot www.musicservice.wales www.gwasanaethcerdd.cymru *.charanga.dk www.musicfirstelementary.com www.charangamusicworld.co.uk http://berkshiremaestros.org.uk www.berkshiremaestros.org.uk www.hounslowmusic.org.uk http://www.hounslowmusic.org.uk www.bhma.org.uk www.plymouthmeh.com www-bhma-org-uk.filesusr.com; report-uri https://charanga.com/general/csp_logger; 1
object-src 'none';base-uri 'self';script-src 'nonce-cYvWik4CotIu4Pe2idBIjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-7R9zfyyaBsCqAVD7uVSxrg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com maxcdn.bootstrapcdn.com *.nexcesscdn.net *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.nexcesscdn.net *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bing.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.facebook.com *.nexcesscdn.net *.zonos.com *.bizrate.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.bing.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net maps.googleapis.com *.nexcesscdn.net *.zonos.com *.mailchimp.com *.list-manage.com chimpstatic.com *.facebook.net *.nextopia.net *.iglobalstores.com *.listrakbi.com *.bizrate.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com *.nexcesscdn.net *.nextopia.net cdn.listrakbi.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.nexcesscdn.net *.zonos.com *.googleadservices.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.nexcesscdn.net http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.at ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.at *.spreadshirt.at ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.at ; font-src 'self' https: data: *.spreadshirt.at ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.at ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.at ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://code.jquery.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://static-m.meteo.cat; font-src 'self' https://fonts.gstatic.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: http://geo.nls.uk ; font-src https: data: ; report-uri https://csp.rcahms.gov.uk/canmore-live ; 1
default-src temu: *.temu.com *.kwcdn.com wss://*.temu.com *.paypal.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleusercontent.com www.googleadservices.com www.google.cn www.google.com.hk www.google.co.uk www.google.ca www.google.com.au www.google.co.nz google.com connect.facebook.net www.facebook.com appleid.cdn-apple.com socialplugin.facebook.net *.cash.app *.forter.com www.paypalobjects.com *.braintree-api.com *.braintreegateway.com cash-f.squarecdn.com api.squareup.com api.lab.amplitude.com *.paidy.com *.cardinalcommerce.com *.stripe.com d3nocrch4qti4v.cloudfront.net duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net d2o5idwacg3gyw.cloudfront.net d3lqotgbn3npr.cloudfront.net d6rak4b14t5gp.cloudfront.net dlthst9q2beh8.cloudfront.net o160250.ingest.sentry.io *.pagoefectivo.pe wauth.teledit.com blob: data: 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; report-uri /api/sec-csp/110000006/report 1
connect-src 'self' https://hyperreal.info https://koks.hyperreal.top; default-src 'none'; font-src 'self'; img-src 'self' https://koks.hyperreal.top https://hyperreal.info; script-src 'self' 'unsafe-inline' https://hyperreal.info; style-src 'self' 'unsafe-inline'; manifest-src 'self' https://hyperreal.info; 1
font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.addthis.com *.pinterest.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.twitter.com t.co https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://ajax.cloudflare.com *.newrelic.com *.nr-data.net *.ads-twitter.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.typekit.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline *.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.nr-data.net https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.google-analytics.com analytics.google.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.squarecdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com t.zip.co static.zipmoney.com.au static.zip.co https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.zipmoney.com.au static.zip.co zip.co https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net static.afterpay.com/ *.squarecdn.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-cEBFE1cue5XA2xjOKReN1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' chrome-extension: 'unsafe-inline' 'unsafe-inline' https://mc.yandex.ru https://st.top100.ru https://bitrix.info blob: opera: https://cdn.randomhow.com data: https://translate.google.com https://translate.googleapis.com https://ucads-cdn.ucweb.com https://mc.yandex.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://mc.yandex.ru chrome-extension: https://acestream.me https://mc.yandex.com https://www.ciuvo.com https://cdn.rutarget.ru https://skytraf.xyz https://m.youtube.com https://remove.video https://surfe.be https://dl.metabar.ru https://div.show https://ucads-cdn.ucweb.com https://youtu.be https://www.youtube.com https://aflt.market.yandex.ru https://noop.style https://object.center; object-src 'self' https://noop.style chrome-extension:; report-uri /cspreportonly; 1
default-src 'self';         script-src 'self' https://www.googletagmanager.com https://www.datadoghq-browser-agent.com https://assets.juicer.io;         script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.datadoghq-browser-agent.com https://assets.juicer.io;         style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://assets.juicer.io https://cdn.jsdelivr.net;         font-src 'self' https://use.typekit.net https://p.typekit.net;         img-src * 'self' data:; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com dhv2ziothpgrr.cloudfront.net * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' business.facebook.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.meetanshi.com business.facebook.com platform.twitter.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com *.meetanshi.com business.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com 'self' data: *.facebook.com *.yotpo.com dhv2ziothpgrr.cloudfront.net * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.fontawesome.com *.avada.io *.alothemes.com *.magepow.com *.meetanshi.com business.facebook.com twitter.com platform.twitter.com self *.google.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net * 'self' 'nonce-zetronixCountdown' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.googleapis.com *.stripe.network *.stripecdn.com tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net static-tracking.klaviyo.com * 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.meetanshi.com business.facebook.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.facebook.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com trc.taboola.com stats.g.doubleclick.net zetronix.zendesk.com jscloud.net psb.taboola.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com 'self' data: 'unsafe-inline' data: *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self' data: *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com 'self' data: www.xtento.com *.yotpo.com *.google.com/ *.authorize.net google.com gstatic.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.christopherqueenconsulting.com *.chrisqueen.com *.cloudflare.com *.fontawesome.com www.xtento.com cdn.xtento.com *.yotpo.com store.paradoxlabs.com https://www.magezon.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.fontawesome.com *.bootstrapcdn.com *.jsdelivr.net *.unpkg.com www.xtento.com cdn.xtento.com *.yotpo.com *.google.com/ *.authorize.net google.com gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.jsdelivr.net *.yotpo.com *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.cloudflare.com *.yotpo.com *.authorize.net google.com gstatic.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://hamgit.ir/admin/ https://hamgit.ir/assets/ https://hamgit.ir/-/speedscope/index.html https://hamgit.ir/-/sandbox/ 'self' https://hamgit.ir/assets/ blob: data:; connect-src 'self' wss://hamgit.ir https://cdn.cookielaw.org https://*.onetrust.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net; default-src 'self'; font-src 'self' https://fonts.gstatic.com data:; form-action 'self' https: http:; frame-ancestors 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://hamgit.ir/admin/ https://hamgit.ir/assets/ https://hamgit.ir/-/speedscope/index.html https://hamgit.ir/-/sandbox/; img-src 'self' https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net; manifest-src 'self'; media-src 'self' data: blob: http: https:; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://cdn.cookielaw.org https://*.onetrust.com https://cdn.bizible.com/scripts/bizible.js *.googletagmanager.com 'nonce-sFbllb0T4eCl0LIHsy/bAg=='; style-src 'self' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; worker-src 'self' https://hamgit.ir/assets/ blob: data: 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; report-uri https://error-tracking.spenderservice.net/api/15/security/?sentry_key=0db3389048bb4735b406e7e1b5b9cb38 1
font-src *.googleapis.com *.gstatic.com use.fontawesome.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.cloudflare.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com use.fontawesome.com downloads.mailchimp.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com https://get.geojs.io *.avada.io *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.mmapiws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-TVsDL0BXO62K58rwco-uIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.yotpo.com *.catchmarketingservices.com *.azureedge.net *.dynamics.com *.acsbapp.com *.zdassets.com *.zendesk.com *.bing.com *.hubspot.com *.zendesk-eu.my.sentry.io *.adobedc.net *.doubleclick.net maxcdn.bootstrapcdn.com *.punchout2go.com 'self' data: *.fontawesome.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.google.com *.gstatic.com 'self' data: *.dynamics.com *.punchout2go.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.punchout2go.com 'self' data: 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.dynamics.com *.azureedge.net *.punchout2go.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.postcodeanywhere.co.uk *.google.com *.gstatic.com *.hubspot.com *.yotpo.com *.catchmarketingservices.com *.azureedge.net *.dynamics.com *.acsbapp.com *.zdassets.com *.zendesk.com *.bing.com *.zendesk-eu.my.sentry.io *.adobedtm.com *.adobedc.net *.doubleclick.net *.spectrumchemical.com *.spectrumrx.com *.windows.net *.punchout2go.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.bing.com *.googletagmanager.com *.google.com *.gstatic.com *.postcodeanywhere.co.uk *.resultspage.com *.resultsstage.com *.hsleadflows.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.newrelic.com *.nr-data.net *.yotpo.com *.catchmarketingservices.com *.mktdplp102cdn.azureedge.net *.dynamics.com *.acsbapp.com *.zdassets.com *.zendesk.com *.hubspot.com *.zendesk-eu.my.sentry.io *.adobedc.net *.doubleclick.net *.punchout2go.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.services.postcodeanywhere.co.uk *.google.com *.gstatic.com 'self' data: *.yotpo.com *.catchmarketingservices.com *.mktdplp102cdn.azureedge.net *.dynamics.com *.acsbapp.com *.zdassets.com *.zendesk.com *.bing.com *.hubspot.com *.zendesk-eu.my.sentry.io *.adobedc.net *.doubleclick.net maxcdn.bootstrapcdn.com *.punchout2go.com *.fontawesome.com tagmanager.google.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.bing.com *.services.postcodeanywhere.co.uk *.google-analytics.com *.nr-data.net *.hubspot.com *.spectrumrx.com *.spectrumchemical.com *.yotpo.com *.catchmarketingservices.com *.azureedge.net *.dynamics.com *.acsbapp.com *.zdassets.com *.zendesk.com *.zendesk-eu.my.sentry.io *.adobedc.net *.doubleclick.net *.punchout2go.com https://api.postgrid.com https://www.google-analytics.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; font-src 'self' https://*.hotjar.com *.livechatinc.com data:; manifest-src 'self'; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.livechatinc.com *.google.ch *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net; img-src 'self' https:; script-src 'self' 'nonce-Ov8wRZw7S7U8pDrW9v4ttw==' 'unsafe-eval' https://*.hotjar.com *.mailxpert.ch *.livechatinc.com *.livechat-static.com *.google.ch *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net; style-src 'self' 'unsafe-inline' https://*.hotjar.com *.livechatinc.com *.google.ch *.google.com *.googleapis.com; frame-src *.livechatinc.com *.google.ch *.google.com *.googletagmanager.com *.doubleclick.net; media-src *.livechatinc.com *.livechat-static.com data:; object-src *.livechatinc.com; child-src *.livechatinc.com; report-uri https://mailxpert.uriports.com/reports/report; report-to default 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-na1.hs-scripts.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://forms.hsforms.com/ https://js.hsforms.net/ https://www.youtube.com/ https://cdn.arscolor.com/ https://www.google.com/ https://s.ytimg.com/ https://www.gstatic.com/ https://apis.google.com/ https://js.hs-scripts.com/ https://js.hs-analytics.net/ https://js.hscollectedforms.net/ https://js.usemessages.com/ https://*.mapbox.com/ https://js.hs-banner.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.clarity.ms/ https://stats.g.doubleclick.net/ https://px.ads.linkedin.com/ https://www.google.it/ https://www.google.com/ https://snap.licdn.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://www.facebook.com/; style-src 'self' 'unsafe-inline' https://cdn.arscolor.com/ https://fonts.googleapis.com/ https://*.mapbox.com/ ; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ data: ; object-src 'none'; frame-src 'self' https://js.hsforms.net/ https://player.vimeo.com/ https://www.youtube.com/ https://www.gstatic.com/ https://www.google.com/ https://accounts.google.com/ https://app.hubspot.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/; worker-src 'self' blob: ; connect-src 'self'  https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://cdn.arscolor.com/ https://vimeo.com/ https://forms.hubspot.com/ https://api.hubspot.com/ https://*.mapbox.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.clarity.ms/ https://stats.g.doubleclick.net/ https://px.ads.linkedin.com/ https://www.google.it/ https://www.google.com/ https://snap.licdn.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/; img-src 'self' data: https://perf.hsforms.com/ https://*.gstatic.com/ https://*.youandemili.com/ https://*.fbcdn.net/ https://track.hubspot.com/ https://forms.hsforms.com/ https://*.mapbox.com/  https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.clarity.ms/ https://stats.g.doubleclick.net/ https://px.ads.linkedin.com/ https://www.google.it/ https://www.google.com/ https://snap.licdn.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://www.facebook.com/; report-uri https://siem.youandemili.com/api/v1/content-security-policy 1
object-src 'none';base-uri 'self';script-src 'nonce-ck8LCwBO5eE32IpCArpIvg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-fzzk6522aOdvctj65jhxWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-J3fQz0fltFHO5Hs4gS9cHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://*.benidorm.org https://insuit.net https://benidorm--org.insuit.net https://*.insuit.net https://www.googletagmanager.com *.google-analytics.com *.google.com  *.gstatic.com *.googleapis.com *.jquery.com tracker.metricool.com unpkg.com static.codepen.io codepen.io cdnjs.cloudflare.com code.highcharts.com cdn.anychart.com stuk.github.io cdn.jsdelivr.net https://js-agent.newrelic.com https://bam.nr-data.net https://polyfill-fastly.io; object-src 'self'; style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.gstatics.com *.fontawesome.com *.googleapis.com allfont.net allfont.es unpkg.com *.cloudflare.com https://benidorm--org.insuit.net https://cdn.insuit.net; img-src 'self' *.benidorm.org unpkg.com *.osm.org *.cdninstagram.com instagram.com www.instagram.com contenidos-pro-d10.benidorm.org:8443 tracker.metricool.com data: *.google-analytics.com; media-src 'self' *.benidorm.org benidormtv.s3.eu-west-1.amazonaws.com; frame-src 'self' *.google.com *.youtube.com iframe.dacast.com *.vimeo.com https://benidorm--org.insuit.net insuit.net https://*.insuit.net; frame-ancestors 'self'; child-src 'self' *.google.com *.youtube.com data:; font-src 'self' *.gstatic.com *.fontawesome.com *.googleapis.com https://*.insuit.net data:; connect-src 'self' *.google-analytics.com *.benidorm.org https://stats.g.doubleclick.net *.deltanetsi.es *.googleusercontent.com instagram.com *.instagram.com https://bam.nr-data.net https://stats.insuit.net https://benidorm--org.insuit.net https://www.googleapis.com; report-uri /report-csp-violation 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com cdn.shopify.com tivoli-friheden.euwest01.umbraco.io https://static.klaviyo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.facebook.com *.yotpo.com tr.snapchat.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com www.gstatic.com https://www.google.com/recaptcha/ *.adyen.com magento-cloudflare.jetrails.com www.youtube.com www.googletagmanager.com web.facebook.com policy.app.cookieinformation.com *.viabill.com *.yotpo.com *.trustpilot.com *.weltpixel.com static.addtoany.com vars.hotjar.com tr.snapchat.com *.friheden.dk consentcdn.cookiebot.com www.facebook.com https://td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com ebizmarts-website.s3.amazonaws.com *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ scontent.cdninstagram.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com web.facebook.com maps.googleapis.com *.navipartner.dk t.raptorsmartadvisor.com *.yotpo.com js.hsforms.net www.google.com www.google.dk https://track.hubspot.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://d3k81ch9hvuctc.cloudfront.net https://imgsct.cookiebot.com https://www.linkedin.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.google.com www.gstatic.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.chimpstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ static.addtoany.com *.avada.io graph.facebook.com widgets.pinterest.com www.reddit.com api.tumblr.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com maps.googleapis.com policy.app.cookieinformation.com *.viabill.com *.yotpo.com *.trustpilot.com js.hsforms.net forms.hsforms.com static.hotjar.com sleeknotecustomerscripts.sleeknote.com sc-static.net analytics.tiktok.com script.hotjar.com www.youtube.com consent.cookiebot.com consentcdn.cookiebot.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net www.facebook.com https://tr.snapchat.com https://snap.licdn.com https://js-agent.newrelic.com https://static.queue-it.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com static.klaviyo.com www.googletagmanager.com static-tracking.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ graph.instagram.com https://get.geojs.io *.avada.io stats.addtoany.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net policy.app.cookieinformation.com consent.app.cookieinformation.com *.yotpo.com static-forms.klaviyo.com tr.snapchat.com analytics.tiktok.com region1.analytics.google.com in.hotjar.com vc.hotjar.io https://gtm-ph3cjd3-zji2m.uc.r.appspot.com consentcdn.cookiebot.com https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com https://gweu.stape.io https://bam.eu01.nr-data.net https://px.ads.linkedin.com https://capig.stape.cloud https://tr6.snapchat.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src https 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-Q3JDdpM2eDZCQh5Rt13HGwEx3CXnq24pQqn8NDRQu8o='; base-uri 'self'; report-to csp-endpoint 1
default-src 'self' ;   script-src 'self' 'unsafe-eval' https://analitica.dacoruna.gal 'nonce-ZqL112igSvlz2ILODohc6wAAAMs';   img-src 'self' data: blob: ;   frame-src 'self' ;   style-src 'self' 'unsafe-inline';   font-src 'self' ;   connect-src 'self' https://analitica.dacoruna.gal ;   object-src 'self' ;   frame-ancestors 'self' ; 1
font-src *.tawk.to *.gstatic.com *.reviews.io maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.example 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.example *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.reviews.co.uk *.reviews.io https://images.unsplash.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.tawk.to *.jsdelivr.net *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.tawk.to *.googleapis.com *.reviews.co.uk *.reviews.io data: maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.example 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.tawk.to wss://*.tawk.to *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; connect-src https://stripe.com; default-src 'none'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' data: https://images.ctfassets.net; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report 1
default-src https: https://tbs.tradedoubler.com:* https://s7g10.scene7.com:* https://stenaline.nl:*; script-src 'unsafe-inline' https://bat.bing.com:* https://googleads.g.doubleclick.net:* https://acrobatservices.adobe.com:* https://cdn.cookielaw.org:* https://cdn.mouseflow.com:* https://documentservices.adobe.com:* https://www.google-analytics.com:* https://www.googletagmanager.com:* https://www.stenaline.nl/etc.clientlibs:* https://www.stenaline.nl:* https://connect.facebook.net:* https://messenger.ebilobster.ai:* https://*.stenaline.com:* https://stenaline.com:* https://assets.adobedtm.com:*; img-src data: https: https://s7g10.scene7.com:*; style-src 'self' 'unsafe-inline' https://acrobatservices.adobe.com:* https://*.stenaline.com:* https://stenaline.com:* https://stenaline.nl:*; object-src 'none' 1
connect-src 'self' https://evt.klarna.com https://www.google-analytics.com *.google-analytics.com *.doubleclick.net *.analytics.google.com *.googletagmanager.com https://www.google.fi http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://surveystats.hotjar.io https://bam.nr-data.net *.bing.com wss://*.bing.com *.clarity.ms https://www.facebook.com https://site-gw.triggerbee.com https://widget-resources.triggerbee.com *.swogo.net https://js.testfreaks.com https://production.depict-api.com https://api.depict.ai https://checkout-uat.collector.se https://checkout.collector.se https://api.checkout.uat.walleydev.com https://api.checkout.walleypay.com https://walleypay.com *.zdassets.com *.zopim.com *.zendesk.com wss://*.zopim.com *.sync.ksync.fi *.ksync.k-rauta.fi inpref.com *.inpref.com https://d2wzl9lnvjz3bh.cloudfront.net *.via.placeholder.com *.google.com *.google.se *.google.no *.google.fr *.google.co.uk *.google.ru *.google.de *.google.es *.google.dk *.google.nl *.sync.kesko.fi https://survey.feedbackly.com https://mvalue-stage.mvoucher.se https://mvalue.mvoucher.se https://se-krauta-b2c-dev.eu.auth0.com https://se-krauta-b2c-qa.eu.auth0.com https://se-krauta-b2c-prod.eu.auth0.com https://cyclone-se-test.criipto.id https://cyclone-se-3.criipto.id https://kesko-se.criipto.id *.optimizely.com; img-src 'self' data: https://k-rauta-se-web-prod.s3.eu-west-1.amazonaws.com *.keskofiles.com http://public-qa.keskofiles.com *.imgix.net *.klarna.com https://www.google-analytics.com https://www.googletagmanager.com *.googletagmanager.com https://ssl.gstatic.com *.doubleclick.net https://www.gstatic.com https://www.google.se https://www.google.fi https://www.google.com *.analytics.google.com images.contentful.com images.ctfassets.net https://script.hotjar.com http://script.hotjar.com https://insights.hotjar.com http://static.hotjar.com https://static.hotjar.com https://keskoanalytics.s3.eu-central-1.amazonaws.com https://maps.googleapis.com *.bing.com *.microsoft.com https://www.facebook.com https://img.youtube.com https://pixel.quantserve.com https://assets.triggerbee.com https://widget-resources.triggerbee.com *.visualwebsiteoptimizer.com *.swogo.net *.images.testfreaks.com https://optimize.google.com *.googleoptimize.com *.zdassets.com *.zopim.io *.sync.ksync.fi *.via.placeholder.com https://www.pricerunner.se *.sync.kesko.fi *.vumbnail.com https://cert.tryggehandel.net; manifest-src 'self'; font-src 'self' https://fonts.gstatic.com http://static.hotjar.com https://static.hotjar.com http://script.hotjar.com https://script.hotjar.com *.swogo.net *.cloudfront.net *.googleoptimize.com *.sync.ksync.fi https://sync.kesko.fi https://cert.tryggehandel.net; frame-src 'self' *.klarna.com *.doubleclick.net https://vars.hotjar.com *.youtube.com *.youtu.be https://booking.brenderuprental.com https://utm.keskoanalytics.com/ https://keskoanalytics.s3.eu-central-1.amazonaws.com sdx.microsoft.com https://www.facebook.com https://form.jotform.com https://checkout-uat.collector.se https://checkout.collector.se https://checkout.uat.walleydev.com https://checkout.walleydev.com https://optimize.google.com *.googleoptimize.com *.sync.ksync.fi https://sync.ksync.fi https://widget.trustpilot.com *.vimeo.com https://cert.tryggehandel.net https://se-krauta-b2c-dev.eu.auth0.com https://se-krauta-b2c-qa.eu.auth0.com https://se-krauta-b2c-prod.eu.auth0.com https://cyclone-se-test.criipto.id https://cyclone-se-3.criipto.id https://kesko-se.criipto.id *.optimizely.com https://api.uat.walleydev.com https://api.walleypay.com; style-src 'self' 'unsafe-inline' blob: https://tagmanager.google.com https://fonts.googleapis.com *.analytics.google.com *.googletagmanager.com https://keskoanalytics.s3.eu-central-1.amazonaws.com *.bing.com https://assets.triggerbee.com https://widget-resources.triggerbee.com *.cloudfront.net https://optimize.google.com *.googleoptimize.com https://sync.kesko.fi; script-src 'self' 'unsafe-inline' *.k-rauta.se https://k-rauta-se-web-prod.s3.eu-west-1.amazonaws.com *.keskofiles.com *.klarnacdn.net https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com http://tagmanager.google.com *.doubleclick.net https://www.googleadservices.com *.analytics.google.com *.googletagmanager.com https://static.hotjar.com https://script.hotjar.com http://static.hotjar.com http://script.hotjar.com *.script.hotjar.com 'unsafe-eval' https://js-agent.newrelic.com https://bam.nr-data.net *.youtube.com *.youtu.be https://keskoanalytics.s3.eu-central-1.amazonaws.com https://scjc708q0d.execute-api.eu-west-1.amazonaws.com https://bat.bing.com https://r.bing.com https://connect.facebook.net https://rules.quantcount.com https://secure.quantserve.com https://t.myvisitors.se https://api.triggerbee.com https://widget-resources.triggerbee.com *.visualwebsiteoptimizer.com *.swogo.net *.cloudfront.net *.r.testfreaks.com https://js.testfreaks.com https://cr.testfreaks.com https://code.jquery.com https://checkout-uat.collector.se https://checkout.collector.se https://api.checkout.uat.walleydev.com https://api.checkout.walleypay.com https://walleypay.com https://optimize.google.com www.googleoptimize.com *.googleoptimize.com *.zdassets.com *.zopim.com *.zendesk.com *.kesko.fi *.kesko.se *.sync.ksync.fi inpref.com *.inpref.com https://d2wzl9lnvjz3bh.cloudfront.net fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.k-rauta.fi https://widget.trustpilot.com https://sync.kesko.fi https://cert.tryggehandel.net https://se-krauta-b2c-dev.eu.auth0.com https://se-krauta-b2c-qa.eu.auth0.com https://se-krauta-b2c-prod.eu.auth0.com https://cyclone-se-test.criipto.id https://cyclone-se-3.criipto.id https://kesko-se.criipto.id https://scandit.com https://ssl.scandit.com https://api.uat.walleydev.com https://api.walleypay.com; style-src-elem 'self' 'unsafe-inline' *.k-rauta.se https://k-rauta-se-web-prod.s3.eu-west-1.amazonaws.com https://optimize.google.com *.googleoptimize.com *.sync.ksync.fi *.k-rauta.fi https://sync.kesko.fi; script-src-elem 'self' 'unsafe-inline' *.k-rauta.se https://k-rauta-se-web-prod.s3.eu-west-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com *.googletagmanager.com https://ssl.gstatic.com *.doubleclick.net https://www.gstatic.com https://www.google.se https://www.google.fi https://www.google.com *.analytics.google.com *.bing.com *.clarity.ms https://connect.facebook.net https://rules.quantcount.com https://secure.quantserve.com https://t.myvisitors.se https://assets.triggerbee.com https://widget-resources.triggerbee.com *.swogo.net *.cloudfront.net *.r.testfreaks.com https://js.testfreaks.com https://cr.testfreaks.com https://code.jquery.com https://optimize.google.com *.googleoptimize.com *.zdassets.com *.zopim.com *.zendesk.com *.k-rauta.fi https://widget.trustpilot.com https://sync.kesko.fi https://survey.feedbackly.com https://cert.tryggehandel.net https://se-krauta-b2c-dev.eu.auth0.com https://se-krauta-b2c-qa.eu.auth0.com https://se-krauta-b2c-prod.eu.auth0.com https://cyclone-se-test.criipto.id https://cyclone-se-3.criipto.id https://kesko-se.criipto.id *.optimizely.com *.bidtheatre.com https://api.uat.walleydev.com https://api.walleypay.com; media-src videos.contentful.com videos.ctfassets.net *.zdassets.com; child-src https://vars.hotjar.com; frame-ancestors *.k-rauta.fi https://se-krauta-b2c-dev.eu.auth0.com https://se-krauta-b2c-qa.eu.auth0.com https://se-krauta-b2c-prod.eu.auth0.com https://cyclone-se-test.criipto.id https://cyclone-se-3.criipto.id https://kesko-se.criipto.id; report-uri https://www.k-rauta.se/csp-report; 1
font-src https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com https://viewer.ipaper.io https://ipaper.io *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ariba.com app.instapunchout.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.ariba.com app.instapunchout.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.youtube.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://api.mapbox.com maps.gstatic.com https://viewer.ipaper.io https://ipaper.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com applepay.cdn-apple.com maps.googleapis.com https://viewer.ipaper.io https://ipaper.io *.zdassets.com *.google.com *.gstatic.com *.relewise.com *.trustpilot.com *.jsdelivr.net https://www.cchobby.dk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com applepay.cdn-apple.com https://viewer.ipaper.io https://ipaper.io *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://viewer.ipaper.io https://ipaper.io *.zdassets.com *.facebook.com *.relewise.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://nominatim.openstreetmap.org autocomplete2.postdirekt.de *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.relewise.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://viewer.ipaper.io https://ipaper.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.sagepay.com *.bglobale.com *.global-e.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.gstatic.com *.googleapis.com *.google.com *.newrelic.com *.nr-data.net *.arcot.com *.hsforms.net *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com *.ipg-online.com *.hsforms.net *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.sagepay.com account.fetchify.com *.bglobale.com *.global-e.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googleapis.com *.google.com *.newrelic.com *.facebook.com *.nr-data.net meetanshi.com *.arcot.com *.hsforms.net *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com www.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.awin1.com *.zenaps.com https://cdn.clerk.io *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com meetanshi.com *.arcot.com *.hsforms.net *.hsforms.com *.hubspot.com *.cookiepro.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com www.xtento.com cdn.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://api.clerk.io https://cdn.clerk.io *.sagepay.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.googleapis.com *.google.com *.newrelic.com *.nr-data.net *.hotjar.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.onetrust.com *.hsforms.net *.hsforms.com *.arcot.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com www.xtento.com cdn.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io *.sagepay.com cc-cdn.com *.bglobale.com *.global-e.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com *.facebook.com *.ipg-online.com *.arcot.com *.hsforms.net *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://the.sciencebehindecommerce.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.googleapis.com *.newrelic.com *.nr-data.net *.hotjar.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.hsforms.net *.unpkg.com *.hscollectedforms.net *.arcot.com *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.cumulusmedia.com 'report-sample'; base-uri 'self'; script-src 'self' *.cumulusmedia.com 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' *.googletagmanager.com *.google-analytics.com stats.wp.com form.jotform.com cdn.jotfor.ms *.cookielaw.org 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' *.onetrust.com connect.facebook.net 'nonce-S5UJL8QG6pgNOfMsZFf4msPv' 'report-sample'; style-src 'self' 'unsafe-inline' *.cumulusmedia.com fonts.googleapis.com cdn.jotfor.ms 'report-sample'; img-src 'self' data: *.cumulusmedia.com *.wp.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org; font-src 'self' data: *.cumulusmedia.com fonts.gstatic.com; connect-src 'self' *.cumulusmedia.com *.google-analytics.com *.doubleclick.net submit.jotform.com *.cookielaw.org *.onetrust.com; object-src 'none'; frame-src 'self' *.cumulusmedia.com *.jotform.com; report-uri https://www.cumulusmedia.com/wp-admin/admin-ajax.php?action=wpshr 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: http: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; worker-src blob: 1
default-src 'none'; base-uri 'none'; connect-src 'self'; frame-ancestors 'none'; img-src https://cernercentral.com/resources/core/v2.17/ https://cernercentral.com/resources/core/v2.27/; script-src 'unsafe-inline' https://cernercentral.com/resources/core/v2.27/; style-src 'unsafe-inline' https://cernercentral.com/resources/core/v2.27/ https://cernercentral.com/resources/home/v2.12/ 1
object-src 'none';base-uri 'self';script-src 'nonce-rWn_mDzaTMJyyb1LLr20rQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.stripe.com *.google.com *.opayo.eu.elavon.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.bing.com *.cloudfront.net *.google.co.uk *.lpsnmedia.net *.postcodeanywhere.co.uk *.postimg.cc *.quantserve.com *.roeye.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.stripe.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.opayo.eu.elavon.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.adnxs.com http://*.adnxs.com *.affiliatefuture.com *.bing.com *.cloudflare.com *.crazyegg.com *.dwin1.com *.esales-hub.com *.fullstory.com *.infinity-tracking.com *.liveperson.net *.lpsnmedia.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.quantserve.com *.quantcount.com *.roeyecdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to js.klevu.com *.ksearchnet.com s7.addthis.com *.hsforms.net *.hsforms.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.postcodeanywhere.co.uk *.klevu.com unsafe-inline assets.braintreegateway.com *.stripe.com *.google.com downloads.mailchimp.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to *.ksearchnet.com *.trustpilot.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cloudfront.net *.crazyegg.com *.doubleclick.net *.fullstory.com *.googlesyndication.com *.infinity-tracking.net *.infinity-tracking.com *.pinterest.com *.postcodeanywhere.co.uk *.bing.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com ekr.zdassets.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.typekit.net *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://*.yotpo.com data: https://*.getsitecontrol.com https://*.klevu.com https://*.gorgias.chat https://*.craftyclicks.co.uk https://tile-giant.gumlet.io *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk *.securetrading.net https://www.facebook.com https://*.craftyclicks.co.uk *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com https://*.klarna.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk *.rvvuptech.com *.rvvup.com *.afterpay.com *.sandbox.paypal.com cdn.eu.trustpayments.com *.trustpayments.com *.securetrading.net *.secure.checkout.visa.com thm.visa.com *.mastercard.com https://*.arcot.net https://*.arcot.com https://*.facebook.com https://*.rlets.com https://*.vimeo.com https://*.craftyclicks.co.uk *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com https://*.omtrdc.net/ dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.b0e8.com *.afterpay.com *.clearpay.co.uk *.trackedlink.net https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net https://*.klarnacdn.net *.klarnaevt.com *.klarnacdn.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.reviews.io *.reviews.co.uk assets.dev.rvvuptech.com assets.rvvup.com *.sandbox.paypal.com *.stats.paypal.com *.gstatic.com *.vims.visa.com *.secure.checkout.visa.com *.mastercard.com https://*.facebook.com https://connect.facebook.net https://*.yotpo.com https://*.pinterest.com https://yotpo-editor-production.s3.amazonaws.com https://*.googletagmanager.com https://*.googleapis.com https://*.monetate.net https://*.getsitecontrol.com https://*.trackedlink.net https://*.kaltura.com https://*.atdmt.com https://*.gstatic.com https://*.google.ca https://*.google.com.au https://*.google.com.nz https://*.bing.com https://*.klevu.com https://*.gorgias.io https://*.rlets.com https://*.wisepops.com https://tile-giant.gumlet.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.b0e8.com *.bc0a.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://*.pcapredict.com/js/sensor.js https://*.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com https://*.klarnacdn.net *.klarnacdn.net *.klarnaservices.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.sandbox.paypal.com checkout.dev.rvvuptech.com checkout.rvvup.com cdn.eu.trustpayments.com *.securetrading.net *.secure.checkout.visa.com *.cardinalcommerce.com *.mastercard.com https://apis.google.com https://*.zdassets.com https://*.monetate.net https://*.yotpo.com https://r1-t.trackedlink.net https://searchanise-ef84.kxcdn.com https://connect.facebook.net https://*.getsitecontrol.com https://www.searchanise.com https://ajax.aspnetcdn.com https://tracking1.force24.co.uk https://code.jquery.com https://www.google-analytics.com https://*.kaltura.com https://*.zopim.com https://*.rlets.com https://*.pinimg.com https://*.bing.com https://*.klevu.com https://polyfill.io https://*.gorgias.chat https://*.microsoft.com https://*.craftyclicks.co.uk https://*.wisepops.com https://tile-giant.gumlet.io https://pixel.nudgify.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com/ *.squarecdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com https://*.googleapis.com *.typekit.net *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk checkout.dev.rvvuptech.com checkout.rvvup.com https://*.yotpo.com https://searchanise-ef84.kxcdn.com https://*.klevu.com https://*.craftyclicks.co.uk https://tile-giant.gumlet.io *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.zdassets.com https://*.kaltura.com https://*.gorgias.chat https://tile-giant.gumlet.io 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.afterpay.com *.sandbox.paypal.com https://*.zdassets.com https://tilegiant.zendesk.com https://*.yotpo.com wss://widget-mediator.zopim.com https://*.google-analytics.com https://www.facebook.com https://*.doubleclick.net https://*.kaltura.com https://*.pinterest.com https://*.bing.com https://*.reachlocalservices.com https://*.rlets.com https://*.gannettdigital.com https://*.hotjar.io wss://*.hotjar.com https://*.ksearchnet.com https://*.gorgias.chat wss://*.gorgias.chat https://*.getsitecontrol.com https://*.ingest.sentry.io https://*.klevu.com https://*.amplitude.com https://*.craftyclicks.co.uk https://*.wisepops.com https://tile-giant.gumlet.io https://pixel.nudgify.com https://*.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.googleadservices.com https://www.googleoptimize.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://munchkin.marketo.net https://script.crazyegg.com https://snap.licdn.com https://app-lon05.marketo.com https://static.addtoany.com; script-src-attr 'self'; script-src-elem 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.googleoptimize.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://munchkin.marketo.net https://view.ceros.com https://player.vimeo.com https://script.crazyegg.com https://snap.licdn.com 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' https://m.addthis.com https://z.moatads.com https://v1.addthisedge.com https://bam.nr-data.net https://js-agent.newrelic.com 'sha256-De2mpaFLR0YDSf4Kwof2qARuqqxurfOvrVuX1nl4SGc=' https://app-lon05.marketo.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' https://app-lon05.marketo.com https://cookie-cdn.cookiepro.com https://www.googletagmanager.com https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: orient-watch.com cdnjs.cloudflare.com cdn.jsdelivr.net *.goepson.com fast.fonts.net *.googleapis.com *.doubleclick.net tags.tiqcdn.com www.googletagmanager.com analytics.google.com region1.google-analytics.com *.gstatic.com www.google-analytics.com www.youtube.com www.google.com neon.epson-europe.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://maps.gstatic.com store.paradoxlabs.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io https://maps.googleapis.com *.authorize.net https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io https://maps.googleapis.com *.authorize.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none' ;  base-uri 'self' ;  font-src 'self' https://fonts.gstatic.com https://www.booxi.eu;  manifest-src 'self' ;  media-src 'self' ;  frame-ancestors 'self' ;  worker-src 'none' ;  report-uri /api/csp-reports ;  connect-src 'self' https://cognito-idp.eu-west-3.amazonaws.com https://maps.googleapis.com https://api.opngo.com https://static.indigoneo.eu https://auth.opngo.com;  frame-src 'self' https://www.booxi.eu https://trxb26zqxg.execute-api.eu-west-3.amazonaws.com https://payment.opngo.com https://webpayment.payline.com https://secure.ogone.com https://payment.direct.ingenico.com https://api.opngo.com https://now.opngo.com https://assets.opngo.com https://v2-sim.preprod.psp-solutions.com https://methodurl.psp-solutions.com; 1
font-src *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com ebizmarts-website.s3.amazonaws.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.chimpstatic.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.maxmind.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ *.google-analytics.com *.google.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.mmapiws.com *.wizzy.ai wss://sockets.wizzy.ai *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://s.ytimg.com https://www.youtube.com https://e.issuu.com https://irs.tools.investis.com https://otp.tools.investis.com https://c.evidon.com https://www.googletagmanager.com https://t.contentsquare.net https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://otp.tools.investis.com; img-src 'self' data: https: ; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://otp.tools.investis.com; connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://irs.tools.investis.com https://c.evidon.com https://l.evidon.com https://dgcollector.evidon.com https://optoutapi.evidon.com https://dgvendorhostapi.evidon.com; media-src 'self'; object-src 'self'; worker-src 'self' blob:; frame-src 'self' https://clydesdalebankplc.demdex.net https://secure.flife.de https://otp.tools.investis.com https://irs.tools.investis.com https://clydesdale-bank.production.investis.com https://www.youtube.com https://e.issuu.com https://player.vimeo.com https://embeds.audioboom.com; frame-ancestors 'self' *.virginmoney.com; report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.bootstrapcdn.com font.static.useinsider.com *.netcore.co.in/ *.hansel.io/ *.netcoresmartech.com https://local.netcoresmartech.com:3000 *.boxx.ai/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.facebook.com *.royalselangor.com *.freshmarketer.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.google.com *.addthis.com *.hotjar.com royalselangor.api.useinsider.com *.facebook.com *.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.feefo.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.com *.google.com.my *.google.com.vn *.e-ghl.com *.twitter.com *.royalselangor.com *.mcstaging.royalselangor.com *.doubleclick.net *.useinsider.com *.clarity.ms *.bing.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com apis.google.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googletagmanager.com *.facebook.net *.api.feefo.com *.feefo.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com widgets.pinterest.com royalselangor.api.useinsider.com *.stripe.com *.stripe.network *.freshmarketer.com *.netcore.co.in/ *.hansel.io/ *.netcoresmartech.com *.boxx.ai/ klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unsafe-inline assets.braintreegateway.com *.fontawesome.com *.feefo.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.bootstrapcdn.com assets.api.useinsider.com *.mailchimp.com *.netcore.co.in/ *.hansel.io/ *.netcoresmartech.com *.boxx.ai/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.netcore.co.in/ *.hansel.io/ *.netcoresmartech.com *.boxx.ai/ 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google-analytics.com https://api.feefo.com https://collect.feefo.com *.cloudflare.com *.twitter.com *.netcore.co.in/ *.hansel.io/ *.netcoresmartech.com *.boxx.ai/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com tfhub.dev storage.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.squarecdn.com *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.commerce-connector.com *.typekit.net */csp/report/uri/ *.hotjar.com *.hotjar.io *.wahl.com *.userway.org *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.wahl.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.wahl.com; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.mercadolibre.com *.google.com *.gstatic.com *.facebook.com *.bluesnap.com *.kaptcha.com *.adsrvr.org *.hotjar.com *.hotjar.io */csp/report/uri/ *.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.wahl.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobedtm.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.essentialaccessibility.com *.wahlanimal.com  s.ytimg.com  *.google.com  *.google.com.mx  *.google-analytics.com *.facebook.com ct.pinterest.com bat.bing.com *.google.co.in *.cloudflare.com *.wahlclipper.com *.powerreviews.com *.googletagmanager.com *.cloudfront.net *.webcollage.net *.syndigo.cloud *.postcodeanywhere.co.uk */csp/report/uri/ *.reddit.com *.hsforms.com *.hubspot.com  *.google.com.in  *.payments-amazon.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com c.clarity.ms cdn.cookielaw.org cdn.userway.org *.wahl.com *.magecomp.com *.google.com.ua www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com fonts.googleapis.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.powerreviews.com getfirebug.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.cloudflare.com *.bootstrapcdn.com *.wahlclipper.com *.jsdelivr.net *.postcodeanywhere.co.uk *.commerce-connector.com *.typekit.net */csp/report/uri/ unsafe-inline assets.braintreegateway.com www.gstatic.com cdn.weglot.com *.wahl.com *.userway.org 'self' 'unsafe-inline'; object-src *.wahl.com 'self' 'unsafe-inline'; media-src *.adobe.com *.wahl.com 'self' 'unsafe-inline'; manifest-src *.wahl.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com stats.g.doubleclick.net ct.pinterest.com *.google-analytics.com *.whatcounts.com siteanalytics.whatcounts.com https://siteanalytics.whatcounts.com *.amazonaws.com/ api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.amazonaws.com *.yotpo.com *.cloudflare.com *.powerreviews.com *.nr-data.net *.wahlclipper.com *.syndigo.com *.postcodeanywhere.co.uk wss://ws41.hotjar.com *.commerce-connector.com */csp/report/uri/ *.facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.hubspot.com *.hubapi.com *.hs-banner.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com x.clarity.ms cdn.cookielaw.org forms.hscollectedforms.net geolocation.onetrust.com api.userway.org cdn77.api.userway.org cdn.userway.org api.weglot.com cdn.weglot.com https://cdn-api-weglot.com *.wahl.com *.hsforms.net *.hsforms.com *.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; base-uri *.wahl.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.mlstatic.com *.mercadopago.com *.powerreviews.com *.google.com *.newrelic.com js-agent.newrelic.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js connect.facebook.net bat.bing.com *.google-analytics.com *.googleoptimize.com https://www.googleoptimize.com/optimize.js *.trustedsite.com *.cloudflare.com *.twitter.com *.fontawesome.com *.nr-data.net *.wahlclipper.com *.googleapis.com *.jsdelivr.net *.bluesnap.com *.webcollage.net *.syndigo.com *.adsrvr.org *.hotjar.com *.hotjar.io *.pcapredict.com *.postcodeanywhere.co.uk *.commerce-connector.com *.amazonaws.com/ */csp/report/uri/ *.redditstatic.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.usemessages.com *.hs-analytics.net *.kaptcha.com *.hsadspixel.net *.hsleadflows.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.clarity.ms cdn.cookielaw.org js.hubspot.com cdn.userway.org svht.tradedoubler.com swrap.tradedoubler.com cdn.weglot.com *.wahl.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; default-src https://de.wahl.com https://fr.wahl.com *.wahl.com 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com www.xtento.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.googleapis.com https://*.gstatic.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.xtento.com cdn.xtento.com https://static.buckaroo.nl ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://*.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com www.xtento.com cdn.xtento.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.trustpilot.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com/ https://www.youtube.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://www.magezon.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net cdn.powersuite-tools.com test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.plugins.emarsys.net *.scarabresearch.com *.google.com *.google.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.fontawesome.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src powersuite-tools.com test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google-analytics.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.scarabresearch.com *.eservice.emarsys.net http://dpm.demdex.net https://www.google.com https://www.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.worldpay.com *.nosto.com *.nos.to https://secure-test.worldpay.com/shopper/3ds/ddc.html *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ lpcdn.lpsnmedia.net www.facebook.com cdn.knightlab.com *.worldpay.com *.nosto.com *.nos.to https://pay.google.com https://secure-test.worldpay.com *.dotdigital-pages.com *.dotdigital.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.trustpilot.com https://www.google.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.afd.co.uk *.bing.com www.facebook.com www.google.co.in www.google.com *.clarity.ms cdn-ukwest.onetrust.com www.googletagmanager.com *.nosto.com *.nos.to *.cloudflare.com *.gstatic.com *.trackedlink.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://www.google.com *.afd.co.uk *.lpsnmedia.net bat.bing.com cdn-ukwest.onetrust.com *.googleapis.com *.liveperson.net survey.g.doubleclick.net *.google.co.in *.google.com *.clarity.ms analytics.webgains.io connect.facebook.net *.newrelic.com *.nr-data.net *.worldpay.com *.nosto.com *.nos.to https://www.google.com/recaptcha/api.js https://www.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.klevu.com *.ksearchnet.com landofcoder.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.nosto.com *.nos.to *.cloudflare.com *.klevu.com *.ksearchnet.com unsafe-inline *.trustpilot.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.onetrust.com stats.g.doubleclick.net *.clarity.ms widget.trustpilot.com *.nr-data.net *.nosto.com *.nos.to *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klevu.com *.ksearchnet.com landofcoder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com braintreegateway.com fonts.googleapis.com paypal.com services.postcodeanywhere.co.uk *.zopim.com *.braintreegateway.com *.facebook.com *.google.com *.googleusercontent.com *.gstatic.com *.hotjar.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com https: 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.klarna.com https://www.googletagmanager.com/ https: *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://static.afterpay.com https://site-assets.afterpay.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io cdn.polyfill.io bat.bing.com cdn.segmentify.com bam.eu01.nr-data.net paypal.com services.postcodeanywhere.co.uk static.zdassets.com v2.zopim.com *.bing.com *.facebook.net *.google-analytics.com *.google.com *.hotjar.com *.paypal.com *.pinimg.com *.tiktok.com www.google.co.uk www.google.com www.dwin1.com www.gstatic.com www.clarity.ms front.optimonk.com foursixty.com *.pcapredict.com smct.co assets.revlifter.io *.stripe.com klarna.com *.klarnaevt.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src static.afterpay.com/ *.squarecdn.com *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com services.postcodeanywhere.co.uk *.paypal.com paypal.com *.cardinalcommerce.com *.google.com *.facebook.com *.googleapis.com foursixty.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io foursixty.com www.dwin1.com *.pcapredict.com googleads.g.doubleclick.net bam.eu01.nr-data.net paypal.com services.postcodeanywhere.co.uk stats.g.doubleclick.net *.analytics.google.com *.zopim.com *.bing.com *.cloudfront.net *.facebook.com *.google-analytics.com *.hotjar.com *.hotjar.io *.paypal.com *.pinterest.com *.tiktok.com wss://*.hotjar.com/api/v2/client/ws www.google.co.uk devt.revlifter.com cdn.polyfill.io *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.stripe.com *.google.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com www.xtento.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.opayo.eu.elavon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com www.xtento.com cdn.xtento.com *.trackedlink.net *.stripe.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.feefo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com www.xtento.com cdn.xtento.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.opayo.eu.elavon.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com assets.shipperhq.com *.trustpilot.com *.feefo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com assets.shipperhq.com *.trustpilot.com *.feefo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.paypal.com *.opayo.eu.elavon.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com ovs.shipperhq.com rms.shipperhq.com wss://rms.shipperhq.com/ *.feefo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ;   script-src 'self' 'unsafe-eval' https://analitica.dacoruna.gal 'nonce-ZqMEeEHZHY-5iSxhUVT_FQAAAMs';   img-src 'self' data: blob: ;   frame-src 'self' ;   style-src 'self' 'unsafe-inline';   font-src 'self' ;   connect-src 'self' https://analitica.dacoruna.gal ;   object-src 'self' ;   frame-ancestors 'self' ; 1
object-src 'none'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill-fastly.io https://unpkg.com https://www.google.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src  https: wss:; report-uri /csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://analytics.mykrone.green https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maps.googleapis.com; frame-src 'self' *.youtube.com *.mykrone.green *.krone.de *.dev-datineo.de *.agroparts.com *.paypal.com *.crefopay.de *.cookiebot.com *.krone-uk.com *.krone.fr *.krone-nederland.nl *.krone-austria.at *.empolisservices.com *.k8s.internetx.io mailto: tel:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' *.mykrone.green landmaschinen.krone.de www.krone-agriculture.com data: *.openstreetmap.org https://maps.gstatic.com https://maps.googleapis.com; connect-src 'self' https://analytics.mykrone.green/ https://consentcdn.cookiebot.com/ https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com; report-uri https://mykrone.green/control/cspReport; 1
default-src 'self' data:; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com www.google-analytics.com *.googleapis.com static.ads-twitter.com connect.facebook.net snap.licdn.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.gstatic.com analytics.twitter.com static.zdassets.com cdn.jsdelivr.net mstat.acestream.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.dashly.app *.adroll.com openfpcdn.io https://fpcdn.io platform.twitter.com https://appleid.cdn-apple.com https://accounts.google.com/gsi/client unpkg.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com https://accounts.google.com/gsi/style; img-src 'self' data: https: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; font-src 'self' fonts.gstatic.com fonts.googleapis.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.dashly.app at.alicdn.com; connect-src 'self' www.google-analytics.com *.googleapis.com  www.facebook.com stats.g.doubleclick.net www.google.com copybet.zendesk.com ekr.zdassets.com sentry.copybet.com mc.yandex.ru http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.dashly.app wss://*.dashly.app https://adservice.google.com o895193.ingest.sentry.io stats.g.doubleclick.net d.adroll.com *.openfpcdn.io https://*.fptls.com/ https://*.api.fpjs.io https://fpjscdn.net https://*.fptls2.com https://*.linkedin.oribi.io https://accounts.google.com/gsi/; frame-src 'self' www.google.com pay.skrill.com test-api.sumsub.com api.sumsub.com bid.g.doubleclick.net stats.g.doubleclick.net www.facebook.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io platform.twitter.com https://accounts.google.com/gsi/; 1
object-src 'none';base-uri 'self';script-src 'nonce-UIm65WmCfM8vRJLCUdDBGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error 1
object-src 'none';base-uri 'self';script-src 'nonce-V4XKSYTjPd39fSzO88YbUg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-c137386b8a08f6a55db798f0ab3906b5' https://www.horlogeforum.nl/logs/ https://www.horlogeforum.nl/sidekiq/ https://www.horlogeforum.nl/mini-profiler-resources/ https://www.horlogeforum.nl/assets/ https://www.horlogeforum.nl/brotli_asset/ https://www.horlogeforum.nl/extra-locales/ https://www.horlogeforum.nl/highlight-js/ https://www.horlogeforum.nl/javascripts/ https://www.horlogeforum.nl/plugins/ https://www.horlogeforum.nl/theme-javascripts/ https://www.horlogeforum.nl/svg-sprite/ https://www.googletagmanager.com/gtm.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://www.googletagmanager.com; worker-src 'self' https://www.horlogeforum.nl/assets/ https://www.horlogeforum.nl/brotli_asset/ https://www.horlogeforum.nl/javascripts/ https://www.horlogeforum.nl/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
style-src-elem https://purdys.local https://*.purdys.local https://purdys.com https://*.purdys.com https://*.listrakbi.com https://*.azureedge.net https://*.bootstrapcdn.com 'unsafe-inline' https://*.yotpo.com; script-src-elem https://purdys.local https://*.purdys.local https://purdys.com https://*.purdys.com https://*.hotjar.com https://*.searchspring.io https://*.searchspring.net https://*.azureedge.net https://www.googletagmanager.com https://acsbapp.com https://*.blob.core.windows.net https://*.listrakbi.com https://*.listrak.com 'self' https://*.licdn.com https://*.bing.com https://*.pinimg.com https://*.pinterest.com https://*.pepperjam.com https://*.tctm.co https://*.facebook.net https://*.youtube.com https://*.jsdelivr.net 'unsafe-inline' https://*.newrelic.com https://*.googleapis.com; font-src fonts.gstatic.com https://*.gstatic.com data: fonts.googleapis.com https://*.fontawesome.com maxcdn.bootstrapcdn.com https://purdys.local https://*.purdys.local https://purdys.com https://*.purdys.com https://*.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.yotpo.com https://*.googleapis.com https://*.azureedge.net 'unsafe-inline' https://*.cloudfront.net *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://maps.googleapis.com/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://maps.googleapis.com/ http://maps.gstatic.com/ *.meetanshi.com https://meetanshi.com/media/logo.png *.nextopia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://purdys.local https://*.purdys.local https://purdys.com https://*.purdys.com https://*.bing.com https://*.google.com 'self' https://*.google.ca https://*.linkedin.com https://*.cloudfront.net https://*.listrakbi.com https://www.googletagmanager.com https://*.searchspring.io https://*.doubleclick.net https://*.fanexam.com https://redchamps.com *.facebook.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://maps.googleapis.com/ *.meetanshi.com cdn.nextopia.net *.ecomm-nav.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://purdys.com https://*.purdys.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com https://*.searchspring.io https://acsbapp.com https://*.blob.core.windows.net https://*.listrakbi.com 'self' https://cdn.searchspring.net/intellisuggest/is.min.js *.cloudflare.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com cdn.nextopia.net 'unsafe-inline' assets.braintreegateway.com https://*.azureedge.net https://*.listrakbi.com https://*.yotpo.com tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://maps.googleapis.com/ http://maps.gstatic.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.meetanshi.com *.nextopia.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://purdys.local https://*.purdys.local https://purdys.com https://*.purdys.com https://*.listrakbi.com https://*.acsbapp.com https://*.pinterest.com https://*.linkedin.com https://*.velaro.com https://*.nr-data.net https://*.searchspring.io https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.tiktok.com https://*.fanexam.com https://beacon.searchspring.io/beacon *.google-analytics.com analytics.google.com *.facebook.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://f0d1d91f-01e4-4d5d-a8d9-5469b5b19d14.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' https://script.crazyegg.com/ https://static.hotjar.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://cdn.cookielaw.org/ https://cc.cdn.civiccomputing.com/ 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; img-src * ; frame-src 'self' https://www.youtube.com/; font-src 'self' https://fonts.gstatic.com/ ;connect-src 'self' https://cdn.cookielaw.org/ https://region1.google-analytics.com/ https://geolocation.onetrust.com/ https://script.crazyegg.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://metrics.hotjar.io/ https://cc.cdn.civiccomputing.com/ 1
object-src 'none';base-uri 'self';script-src 'nonce-qfFDMMJ0wF5812Q7SjEu2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data: 'unsafe-inline' c.bongo4u.com; script-src 'self' data: 'unsafe-inline' c.bongo4u.com blob: 'unsafe-eval' bongo4u.com *.bongo4u.com *.emerge2.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com *.yahooapis.com *.mailchimp.com *.list-manage.com chimpstatic.com *.ipify.org jsonip.com *.amazonaws.com/downloads.mailchimp.com/ *.jquery.com *.hotjar.com acsbapp.com *.bootstrapcdn.com googleads.g.doubleclick.net *.elfsight.com *.createsend1.com *.roomvo.com; connect-src 'self' data: 'unsafe-inline' c.bongo4u.com comments.emerge2.com util.emerge2.com bongo4u.com *.emerge2.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.ca *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.doubleclick.net *.facebook.com *.hotjar.io *.hotjar.com acsbapp.com *.acsbapp.com *.elfsight.com createsend.com *.ipify.org *.mailchimp.com *.catalog-display.com *.roomvo.com *.opencagedata.com; frame-src 'self' data: 'unsafe-inline' c.bongo4u.com bongo4u.com *.google.com *.google.ca *.googleapis.com *.googletagmanager.com *.youtube.com *.youtu.be *.facebook.com *.twitter.com *.twimg.com *.instagram.com *.yahoo.com *.catalog-display.com *.shortstack.com *.pgtb.me *.formstack.com *.list-manage.com *.doubleclick.net *.orgill.com *.orgill.ca *.adobe.com *.hotjar.com *.storefrontcloud.io *.roomvo.com *.loom.com; object-src 'self' data: 'unsafe-inline' c.bongo4u.com  blob: *.apple.com *.macromedia.com; img-src 'self' https: data: blob: c.bongo4u.com *.bongo4u.com *.ytimg.com *.orgill.com android-webview-video-poster; media-src 'self' https: data: c.bongo4u.com; style-src 'self' data: 'unsafe-inline' c.bongo4u.com bongo4u.com *.bongo4u.com *.googletagmanager.com *.google.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.bootstrapcdn.com *.twitter.com *.twimg.com *.mailchimp.com *.cloudflare.com/ajax/libs/; font-src 'self' data: 'unsafe-inline' c.bongo4u.com *.googleapis.com fonts.gstatic.com *.bootstrapcdn.com fonts.cdnfonts.com *.googleusercontent.com *.cloudflare.com/ajax/libs/ *.hotjar.com *.acsbapp.com;  report-uri https://util.emerge2.com/csp_violations_tracker.php; 1
font-src *.gstatic.com *.authorize.net *.cardinalcommerce.com *.adobedtm.com *.yotpo.com 'self' data: *.cloudfront.net *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.addthis.com *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.google.com *.facebook.com *.facebook.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blob: *.gstatic.com *.googleapis.com https://meetanshi.com/media/logo.png 'self' data: *.png *.jpg *.jpeg *.cloudfront.net *.yotpo.com *.cdninstagram.com *.facebook.com *.facebook.net *.google.com *.google.lk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.google.com *.gstatic.com *.googleapis.com *.authorize.net *.cardinalcommerce.com *.cloudfront.net *.facebook.net *.newrelic.com *.nr-data.net *.googletagmanager.com *.yotpo.com cdn.rawgit.com *.zdassets.com *.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.cloudfront.net *.yotpo.com unsafe-inline *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.googleapis.com *.google-analytics.com *.cardinalcommerce.com *.amazon.com *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonservices.com *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.trackedweb.net *.nr-data.net *.instagram.com *.dotdigital.com *.comapi.com *.paypal.com *.cloudfront.net *.facebook.com *.facebook.net *.doubleclick.net *.zdassets.com *.zendesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ws: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-U6wLnh4iUFJLcBGW9bV2og' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-iz9_1Rr0ggU63LNfqciYug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
child-src give.lupusresearch.org; connect-src 'self' adservice.google.com analytics.google.com content.hotjar.io doublethedonation.com graph.facebook.com localhost:49506 metrics.hotjar.io my.yoast.com region1.analytics.google.com sfapi.formstack.io stats.g.doubleclick.net translate-pa.googleapis.com translate.googleapis.com vc.hotjar.io wss://ws.hotjar.com www.google-analytics.com www.google.ae www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.com www.google.com.ar www.google.com.au www.google.com.bo www.google.com.br www.google.com.co www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.uy www.google.com.vn www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hn www.google.hr www.google.ie www.google.it www.google.jo www.google.mu www.google.nl www.google.pt www.google.rs www.google.ru www.google.se www.google.tg www.googleadservices.com www.googletagmanager.com yoast.com; default-src 'self' adservice.google.com ajax.googleapis.com analytics.google.com api.pinterest.com give.lupusresearch.org graph.facebook.com pi.pardot.com script.hotjar.com sdk.classy.org self static.hotjar.com stats.g.doubleclick.net www.google.co.id www.google.co.ve www.google.com www.google.com.mx www.googleadservices.com www.googletagmanager.com www.linkedin.com; font-src 'self' doublethedonation.com fonts.gstatic.com; form-action translate.googleapis.com; frame-ancestors 'self'; frame-src 'self' accounts.google.com drive.google.com give.lupusresearch.org go.pardot.com m.youtube.com platform.twitter.com syndication.twitter.com td.doubleclick.net td.doubleclick.net.x.309c2a3c011b004eb909b9c0fbcf356ac945.ccc2ef1d.id.opendns.com td.doubleclick.net.x.d7a485400de9e04b270bd000bf1543e49722.d043d9ad.id.opendns.com translate.googleapis.com www.google.com www.youtube.com block.opendns.com feedback-pa.clients6.google.com www.congressweb.com mozbar.moz.com; img-src ad.doubleclick.net adservice.google.com aflr.convio.net doublethedonation.com fonts.gstatic.com frontdoorcdn.formstack.io googleads.g.doubleclick.net lupusresearch.org lupustherapeutics.org stats.g.doubleclick.net support.lupusresearch.org syndication.twitter.com translate.google.com walk.lupusresearch.org www.google.ad www.google.ae www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zw www.google.com www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.iq www.google.it www.google.jo www.google.lv www.google.me www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tg www.google.tn www.google.tt www.googletagmanager.com www.gstatic.com 'self' cfcgiving.opm.gov csi.gstatic.com i.ytimg.com www.google.co.bw; manifest-src 'self'; prefetch-src 'self'; script-src-elem 'self' ajax.googleapis.com api.pinterest.com apis.google.com cdn.jsdelivr.net connect.facebook.net doublethedonation.com localhost:49506 pi.pardot.com platform.twitter.com script.hotjar.com sdk.classy.org sfapi.formstack.io static.hotjar.com www.google.com www.googleadservices.com www.googletagmanager.com www.linkedin.com yoast.com www.congressweb.com www.gstatic.com; script-src 'self' ajax.googleapis.com api.pinterest.com pi.pardot.com script.hotjar.com sdk.classy.org sfapi.formstack.io static.hotjar.com www.googletagmanager.com www.linkedin.com; style-src-elem 'self' doublethedonation.com fonts.googleapis.com frontdoorcdn.formstack.io cdnjs.cloudflare.com www.gstatic.com; style-src 'self' frontdoorcdn.formstack.io www.gstatic.com; worker-src 'self'; report-uri https://lupusresearch.report-uri.com/r/d/csp/reportOnly 1
child-src id.quicklaunch.io 'self'; connect-src 'self' lcas-dev.lakelandcc.edu lcas.lakelandcc.edu www.lakelandcc.edu myportal-new-dev.lakelandcc.edu myportal.lakelandcc.edu: report-uri https://lakeland.report-uri.com/r/t/csp/wizard 1
object-src 'none';base-uri 'self';script-src 'nonce-SEKDqExcvE24u1rueDjHQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://www.yelp.com/csp_report_only?id=6a61e573fc257e6c&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www&timestamp=1721957240; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1
script-src https://www.stokesstores.com/ https://load.measure.stokesstores.com/ https://apis.google.com/ https://static.klaviyo.com/ https://api.heyday.ai/ https://static-tracking.klaviyo.com/ https://cdn.attn.tv/ https://bat.bing.com/ https://www.clarity.ms/ https://pixel.byspotify.com/ https://woobox.com/ https://cdn.raygun.io/ https://js-agent.newrelic.com/; style-src 'self' blob: https: 'unsafe-inline' https://www.stokesstores.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com static.klaviyo.com; frame-src assets.braintreegateway.com www.google.com www.youtube.com www.youtu.be www.vimeo.com https://creatives.attn.tv https://webchat.heyday.ai 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.gstatic.com 'self' data: www.dufrio.com.br data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.dufrio.com.br 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.dufrio.com.br 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.mercadopago.com *.mercadolibre.com www.dufrio.com.br *.voxus.tv *.btg360.com.br *.criteo.net *.awin1.com *.zenaps.com td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.google-analytics.com ssl.gstatic.com www.gstatic.com https://cdn.mundipagg.com https://api.pagar.me www.xtento.com cdn.xtento.com *.ebit.com.br *.ebitempresa.com.br *.mercadopago.com *.mlstatic.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.caravelx.com 'self' data: www.dufrio.com.br *.dufrio.com.br s3.amazonaws.com newimgebit-a.akamaihd.net *.bing.com *.google.com.br *.adnxs.com *.mercadopago.com.br *.btg360.com.br *.criteo.com *.mediavine.com *.bluekai.com *.adgrx.com *.casalemedia.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.sharethrough.com *.rubiconproject.com *.media.net *.doubleclick.net *.bidswitch.net *.emxdgt.com *.yieldmo.com *.clmbtech.com *.socdm.com *.omnitagjs.com *.stickyadstv.com *.360yield.com *.ivitrack.com *.liadm.com *.outbrain.com *.pubmatic.com *.revcontent.com *.tremorhub.com *.awin1.com *.zenaps.com *.yahoo.net *.postrelease.com *.aralego.com *.aralego.net *.dmxleo.com *.clearsale.com.br data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com tagmanager.google.com www.xtento.com cdn.xtento.com *.ebit.com.br *.mercadopago.com *.mlstatic.com connect.facebook.net js.huggy.chat *.avada.io www.dufrio.com.br s3.amazonaws.com *.voxus.com.br *.bing.com *.btg360.com.br *.adcart.com.br *.dwin1.com *.afilio.com.br *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.clearsale.com.br *.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net tagmanager.google.com fonts.google.com *.ebit.com.br *.mercadopago.com webfonts.huggy.cloud *.gstatic.com www.dufrio.com.br s3.amazonaws.com 'self' 'unsafe-inline'; object-src www.dufrio.com.br 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.dufrio.com.br 'self' 'unsafe-inline'; manifest-src www.dufrio.com.br 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com *.analytics.google.com *.googletagmanager.com https://api.mundipagg.com https://api.pagar.me https://hits-banner-cloud-function.azurewebsites.net *.mercadopago.com maps.googleapis.com *.mercadolibre.com wss://ct-socket.huggy.app widget.huggy.io viacep.com.br https://get.geojs.io *.avada.io t.elasticsuite.io www.dufrio.com.br *.reclameaqui.com.br *.voxus.tv *.voxus.com.br *.loggly.com *.ipify.org *.criteo.com *.bing.com *.us-east-2.on.aws *.sciencebehindecommerce.com *.wepowerconnections.com 'self' 'unsafe-inline'; child-src www.dufrio.com.br http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.dufrio.com.br *.google.com.br 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.dufrio.com.br 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-YRzOoCgiwe5P8ltYgYNhUg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Gz53gCSa8pALt1HjUu810Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8430Aap0tVLEicS6qerOXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none';object-src 'none';base-uri 'none';frame-src 'self' https://www.facebook.com https://www.google.com https://*.googlesyndication.com https://player.vimeo.com https://*.doubleclick.net https://*.surveypal.com https://www.youtube.com;default-src 'unsafe-eval' 'unsafe-inline' 'self' data: https: blob: 1
default-src 'self' syndication.twitter.com; script-src js.trentino.com 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; connect-src 'self' stats.peer.biz; img-src 'self' data: images2.trentino.com css.trentino.com  www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.trentino.com js.trentino.com; font-src css.trentino.com; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com maps.gstatic.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-8uZBvPkrEQpQ5j_3ro7A-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-431ec37493424385b21ea0e0f9e37c79' https://www.tannermychart.org 'self';img-src https://* 'self' blob: data:;style-src https://www.tannermychart.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src maxcdn.bootstrapcdn.com https://v2.zopim.com/widget/fonts/zopim.ttf *.stripe.com *.klarna.com *.klarnacdn.net *.klarnaevt.com  *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com self data: klarna.com *.klarnaevt.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com td.doubleclick.net widget.trustpilot.com *.twitter.com *.facebook.com *.tradecentric.com *.punchout2go.com account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.posturite.co.uk *.paypalobjects.com static.zdassets.com *.cloudflare.com px.ads.linkedin.com bat.bing.com *.google.co.uk v2.zopim.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.usercentrics.eu *.feefo.com *.facebook.com *.assets.adobedtm.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com snap.licdn.com connect.punchout2go.com/jslib/lib/basic/basic.js bat.bing.com cdn.iintf.co v2.zopim.com static.zdassets.com www.dwin1.com www.upsellit.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com https://www.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com *.facebook.net *.assets.adobedtm.com www.clarity.ms widget.trustpilot.com *.visualwebsiteoptimizer.com *.hotjar.com widget.freshworks.com m2epro.freshdesk.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudflare.com connect.punchout2go.com widget.freshworks.com m2epro.freshdesk.com *.bootstrapcdn.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com cc-cdn.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com posturite.zendesk.com *.cloudflare.com m0nb5es2od.execute-api.eu-west-2.amazonaws.com gweu.stape.io ekr.zdassets.com wss://widget-mediator.zopim.com *.doubleclick.net ddlnk.net *.analytics.google.com static.zdassets.com *.usercentrics.eu *.twitter.com *.paypal.com *.twimg.com *.feefo.com *.nr-data.net s.clarity.ms capig.stape.cloud pagead2.googlesyndication.com bat.bing.com www.google.co.uk *.tradecentric.com *.punchout2go.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.happybeds.co.uk/; report-to report-endpoint; 1
default-src https:; 						script-src https: 'unsafe-inline' 'unsafe-eval'; 						style-src https: 'unsafe-inline'; 						font-src https: data:; 						img-src https: data: about: ; 						connect-src https: wss: 'self'; 						worker-src https: blob: 'self'; 1
img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'nonce-HSbBsdGEoZHLQImZBro+wuGY85JZiV/WRNi/ZGopx+4=' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net; style-src 'self' 'nonce-HSbBsdGEoZHLQImZBro+wuGY85JZiV/WRNi/ZGopx+4=' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com ; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com  https://*.googletagmanager.com  https://*.g.doubleclick.net https://*.gstatic.com https://*.google.com https://googleads.g.doubleclick.net data:; font-src 'self' https://fonts.gstatic.com data:; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://bid.g.doubleclick.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.googleapis.com; report-uri /csp-report ;report-to cspendpoint; 1
default-src 'self' www.golfleaguetracker.com 'unsafe-inline' www.paypal.com www.paypalobjects.com *.googleapis.com www.googletagmanager.com *.bing.com mylivechat.com *.mylivechat.com fonts.gstatic.com *.clarity.ms js.monitor.azure.com www.google-analytics.com stats.g.doubleclick.net 'unsafe-eval' *.google.com ws://localhost:* http://localhost:* cdnjs.cloudflare.com code.jquery.com cdn.datatables.net use.fontawesome.com *.maxcdn.com *.msecnd.net golfleaguetracker.disqus.com referrer.disqus.com *.privacymanager.io *.disquscdn.com js.stripe.com api.openweathermap.org *.visualstudio.com data:;frame-src disqus.com *.privacymanager.io  'self' 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.bootstrapcdn.com *.edrone.me *.googleapis.com *.google.com/recaptcha *.google-analytics.com https://cdnjs.cloudflare.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.payline.com *.gstatic.com *.google.com/recaptcha *.google.com *.google-analytics.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.payline.com *.criteo.com *.facebook.net *.gstatic.com *.edrone.me *.cloudfront.net *.googleapis.com *.trustedshops.com *.google.com/recaptcha *.hotjar.com *.google-analytics.com *.cookiebot.com *.addthis.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://img.youtube.com https://i.ytimg.com *.google-analytics.com *.googleadservices.com *.google.pl *.ssl.gstatic.com *.edrone.me *.cloudfront.net *.googleapis.com *.trustedshops.com *.google.com/recaptcha https://csr.onet.pl *.inistrack.net *.pixel.wp.pl https://pixel.wp.pl/api *.clarity.ms https://t.co *.bing.com *.yahoo.com *.criteo.com https://x.bidswitch.net https://ib.adnxs.com https://secure.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://match.sharethrough.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://sync-criteo.ads.yieldmo.com https://criteo-partners.tremorhub.com https://eb2.3lift.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://sync.outbrain.com https://simage2.pubmatic.com https://ad.yieldlab.net https://dpm.demdex.net https://beacon.krxd.net https://a.twiago.com https://s.thebrighttag.com *.addthisedge.com *.twitter.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.ssl.google-analytics.com *.googleadservices.com *.criteo.com *.criteo.net *.savecart.pl *.trustedshops.com *.edrone.me *.cloudfront.net *.googleapis.com http://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js *.goadservices.com *.onet.pl *.tagmanager.google.com https://ocdn.eu *.cardinalcommerce.com *.hotjar.com https://live-chat.chatbotize.com/chatbotize-entrypoint.min.js *.pixel.wp.pl https://pixel.wp.pl/w/tr.js https://pixel.wp.pl *.inistrack.net https://cdn.jsdelivr.net/npm/@finsweet/cookie-consent@1/fs-cc.js *.cookiebot.com *.bing.com *.twitter.com *.inis360.com *.cdngazeta.com *.cdngazeta.pl cdngazeta.pl *.googleoptimize.com *.clarity.ms https://artemis-cdn.ocdn.eu https://p.gsitrix.com https://o.gsitrix.com/sys.php https://bam.eu01.nr-data.net https://static.ads-twitter.com https://analytics.tiktok.com https://ec.monplat-cdn.com *.luigisbox.com https://cdnjs.cloudflare.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com secure.payu.com secure.snd.payu.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.edrone.me *.trustedshops.com *.google.com/recaptcha *.tagmanager.google.com *.google-analytics.com *.cookiebot.com *.savecart.pl https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src https://tolpapl.savecart.pl 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.edrone.me *.trustedshops.com *.google.com/recaptcha http://d3bo67muzbfgtl.cloudfront.net/externals *.cardinalcommerce.com *.onet.pl *.hotjar.com https://www.googleapis.com/pagespeedonline *.googleapis.com *.savecart.pl *.cookiebot.com *.clarity.ms https://p.gsitrix.com https://bam.eu01.nr-data.net https://clk.leadexpert.pl https://analytics.tiktok.com *.luigisbox.com ekr.zdassets.com/ *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com google.com secure.payu.com merch-prod.snd.payu.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://api.mobilepay.dk/cspreporting/mobilepay-dk 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://cdn.nibble.website https://widget-cdn.nibble.website https://fonts.googleapis.com https://fonts.gstatic.com/ *.yotpo.com *.googleapis.com *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.clearpay.co.uk *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com *.gstatic.com https://secure.gocertify.me/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.afterpay.com *.clearpay.co.uk *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://img.youtube.com https://cdn.nibble.website https://widget-cdn.nibble.website www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com *.magentocommerce.com *.ometria.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net *.klarna.com *.klarnacdn.net *.klarnaservices.com *.klevu.com *.ksearchnet.com s7.addthis.com https://cdn.nibble.website https://widget.nibble.local https://widget-cdn.nibble.website https://cdn.preprod.nibble.website https://widget-cdn.preprod.nibble.website https://widget-cdn.prod.nibble.website/nibble-window.min.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com *.adobedtm.com *.ometria.com *.newrelic.com *.nr-data.net *.webeyez.com *.webgains.io https://assets.gocertify.me/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.afterpay.com/ *.squarecdn.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://cdn.nibble.website https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.yotpo.com getfirebug.com *.dnky.co *.dotdigital.com https://secure.gocertify.me/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.nibble.website https://widget-cdn.nibble.website 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com ekr.zdassets.com/ https://cdn.nibble.website https://api.nibble.local https://api.dev.nibble.website https://api.preprod.nibble.website https://api.nibble.website api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.yotpo.com *.gstatic.com *.googleapis.com *.nr-data.net *.webeyez.com *.webgains.io https://vl-shipping-functions-sandbox.azurewebsites.net https://assets.gocertify.me/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src 'self' ddvadk8a7qlv6.cloudfront.net d3dznqlyykxbqi.cloudfront.net d14bnm3v6f1aqe.cloudfront.net res.cloudinary.com data: *.google.com www.google-analytics.com www.facebook.com www.google.co.uk bam-cell.nr-data.net www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' minnesota-orchestra.s3.eu-west-1.amazonaws.com ddvadk8a7qlv6.cloudfront.net d3dznqlyykxbqi.cloudfront.net *.ximasoftware.com my.minnesotaorchestra.org *.googletagmanager.com *.amazonaws.com *.newrelic.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net bam-cell.nr-data.net www.google.com/pagead/conversion_async.js; script-src-elem 'self' 'unsafe-inline' *.gstatic.com *.nr-data.net *.google.com minnesota-orchestra.s3.eu-west-1.amazonaws.com ddvadk8a7qlv6.cloudfront.net d3dznqlyykxbqi.cloudfront.net *.ximasoftware.com *.googletagmanager.com *.amazonaws.com *.newrelic.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net bam-cell.nr-data.net my.minnesotaorchestra.org; style-src 'self' 'unsafe-inline' *.typekit.net *.ximasoftware.com minnesota-orchestra.s3.eu-west-1.amazonaws.com ddvadk8a7qlv6.cloudfront.net d3dznqlyykxbqi.cloudfront.net d14bnm3v6f1aqe.cloudfront.net; style-src-elem 'self' 'unsafe-inline' *.typekit.net *.ximasoftware.com minnesota-orchestra.s3.eu-west-1.amazonaws.com ddvadk8a7qlv6.cloudfront.net d3dznqlyykxbqi.cloudfront.net d14bnm3v6f1aqe.cloudfront.net; font-src 'self' *.typekit.net minnesota-orchestra.s3.eu-west-1.amazonaws.com ddvadk8a7qlv6.cloudfront.net d3dznqlyykxbqi.cloudfront.net d14bnm3v6f1aqe.cloudfront.net; connect-src 'self' sqs.us-east-1.amazonaws.com *.google-analytics.com my.minnesotaorchestra.org api.swiftype.com *.ximasoftware.com analytics.google.com bam-cell.nr-data.net bam.nr-data.net *.doubleclick.net www.google-analytics.com www.facebook.com; media-src 'self' *.ximasoftware.com; frame-src 'self' *.google.com *.doubleclick.net open.spotify.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.saudeportomed.com.br ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-_DdmaOfTzCZwBnQn7eVEzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cybersource.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com *.cybersource.com https://www.youtube.com https://ct.pinterest.com https://pixel-sync.sitescout.com *.pitai.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.getbread.com *.breadpayments.com *.rbcpayplan.com shipping-offers-static-images-bucket-platformsandbox.s3.amazonaws.com shipping-offers-static-images-bucket-stage.s3.amazonaws.com shipping-offers-static-images-bucket-prod.s3.amazonaws.com shipping-offers-static-images-bucket-dev.s3.amazonaws.com shipping-offers-static-images-bucket-demo.s3.amazonaws.com helloextend-static-assets.s3.amazonaws.com https://s3.amazonaws.com/ccspersistenceprod-contentstaticassets04b201d4-1apqb8dyegznm/offers/learnMoreModal-default-1654273334107-learnMoreModal.backgroundImageUrl_Generic_WomanwithBox2.jpg https://helloextend-static-assets.s3.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com store.paradoxlabs.com 'self' data: *.gstatic.com *.facebook.com www.mypillow.com https://www.mypillow.com https://trkn.us https://bat.bing.com https://obs.segreencolumn.com https://pixel.sitescout.com *.riskified.com *.pitai.io *.listrakbi.com https://mediacdn.espssl.com *.google.com *.google.pl https://static-na.payments-amazon.com https://t.co/ https://analytics.twitter.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com https://sdk.helloextend.com/ https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com h.online-metrix.net *.authorize.net *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net data: *.mypillow.com *.listrakbi.com https://bat.bing.com https://analytics.tiktok.com *.zdassets.com https://www.youtube.com https://sdk.helloextend.com https://static.cloudflareinsights.com https://script.hotjar.com *.listrak.com https://s.pinimg.com https://www.google-analytics.com/analytics.js https://obs.segreencolumn.com https://franktpin.pitai.io https://beacon.riskified.com https://tags.srv.stackadapt.com *.basis.net https://ct.pinterest.com https://pixel-sync.sitescout.com https://a.ads.rmbl.ws https://sandbox-api.epicpay.com *.hotjar.com *.noibu.com *.segreencolumn.com https://static.ads-twitter.com/ https://api.epicpay.com/ https://maps.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com https://tags.srv.stackadapt.com *.listrakbi.com https://kit.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.getbread.com *.breadpayments.com *.rbcpayplan.com https://*.helloextend.com/ https://*.extend.com/ https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com h.online-metrix.net *.authorize.net t.elasticsuite.io *.google-analytics.com *.facebook.net https://input.noibu.com https://obs.segreencolumn.com wss://input.noibu.com *.zdassets.com *.analytics.google.com https://ct.pinterest.com *.pitai.io *.listrak.com *.listrakbi.com https://tags.srv.stackadapt.com *.riskified.com *.paypal.com *.breadgateway.net *.doubleclick.net *.hotjar.io https://bat.bing.com wss://ws.hotjar.com/ https://mystorellc.zendesk.com/ https://maps.googleapis.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'none'; script-src 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'nonce-1A8NKi487Lv13gXszVFJwg=='; report-uri https://rlwak3ea0j.execute-api.ap-northeast-1.amazonaws.com/prod/csp-reports 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' *.williamdam.dk *.skybooks.dk *.cloudflare.com *.cloudflareinsights.com *.googletagmanager.com *.gstatic.com *.google.com *.googlesyndication.com *.googleadservices.com *.googleapis.com *.viabill.com *.trustpilot.com *.clarity.ms *.doubleclick.net *.bing.com *.facebook.net *.facebook.com *.fontawesome.com *.jsdelivr.net *.bootstrapcdn.com *.jquery.com *.bog.nu *.w3.org *.schema.org *.postnord.com *.postnord.dk *.pubhub.dk *.cookie-script.com; report-uri /csp_report.php 1
object-src 'none';base-uri 'self';script-src 'nonce-eAP2TAMUhk-iNmE-GU7sng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /error/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am *.bancochile.cl *.cathaybk.com.tw *.soldo.com *.capitecbank.co.za *.mbank.sk *.starlingbank.com *.hitrust-us.com:9750 *.enginebystarling.net *.cardinalcommerce.com:* *.id.mastercard.bunq.com *.santander.cl *.secureacs.com *.bog.ge *.consorsbank.de *.ing.de *.icbc.com.cn *.hsbc.co.id *.rpc-raiffeisen.com:* *.stcpay.com.sa *.3dsecure-atruvia.de *.hu.bpcbt.com *.a-bank.com.ua *.ipakyulibank.uz:* bezpecne-platby.rb.cz *.bezpecne-platby.rb.cz *.santander.com.br *.2c2p.com:* *.asseco-see.hr:* particuliers.sg.fr *.particuliers.sg.fr *.bccard.com *.petafuel.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.cardinalcommerce.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am *.bancochile.cl *.cathaybk.com.tw *.soldo.com *.capitecbank.co.za *.mbank.sk *.starlingbank.com *.hitrust-us.com:9750 *.enginebystarling.net *.cardinalcommerce.com:* *.id.mastercard.bunq.com *.santander.cl *.secureacs.com *.bog.ge *.consorsbank.de *.ing.de *.icbc.com.cn *.hsbc.co.id *.rpc-raiffeisen.com:* *.stcpay.com.sa *.3dsecure-atruvia.de *.hu.bpcbt.com *.a-bank.com.ua *.ipakyulibank.uz:* bezpecne-platby.rb.cz *.bezpecne-platby.rb.cz *.santander.com.br *.2c2p.com:* *.asseco-see.hr:* particuliers.sg.fr *.particuliers.sg.fr *.bccard.com *.petafuel.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.sharethis.com *.trackedlink.net *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com cdns.eu1.gigya.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com myp3-cdc-global.mypanini.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.panini.fr/shp_fra_fr/webformat_csptools/report/; 1
font-src *.googleapis.com https://www.gstatic.com *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com consentcdn.cookiebot.com secure.livechatinc.com *.vimeo.com *.sandbox.paypal.com schulershoes.fullslate.com tst.kaptcha.com *.socialannex.com *.socialannex.net *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com https://*.gstatic.com *.klevu.com *.ksearchnet.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://redchamps.com *.stats.paypal.com *.sandbox.paypal.com cdn.livechat-files.com schulershoes-magento.s3.amazonaws.com ss-stg-magento.s3.amazonaws.com jumbe.zaius.com meetanshi.com maps.googleapis.com *.socialannex.com *.socialannex.net tn.alphonso.tv *.tvsquared.com bat.bing.com www.facebook.com connect.facebook.net cdn.ywxi.net imgsct.cookiebot.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com apis.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://*.gstatic.com *.klevu.com *.ksearchnet.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.fontawesome.com *.cookiebot.com cdn.ywxi.net *.livechatinc.com acsbapp.com *.newrelic.com *.nr-data.net d1igp3oop3iho5.cloudfront.net *.socialannex.com *.socialannex.net maxcdn.bootstrapcdn.com *.cardinalcommerce.com bat.bing.com connect.facebook.com connect.facebook.net *.mountain.com *.tvsquared.com tag.simpli.fi onlinedialogue.s3.amazonaws.com www.trustedsite.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.vimeo.com *.socialannex.com *.socialannex.net maxcdn.bootstrapcdn.com tagmanager.google.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com s3-us-west-2.amazonaws.com *.acsbapp.com tn.alphonso.tv bat.bing.com *.livechatinc.com *.nr-data.net s3.amazonaws.com maps.google.com maps.googleapis.com *.g.doubleclick.net *.socialannex.com *.socialannex.net consentcdn.cookiebot.com www.facebook.com www.facebook.net 3.212.39.155 18.210.229.244 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 100.20.58.101 *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.zopim.com *.zopim.io *.techgeese.com *.google.com *.klaviyo.com *.fabglassandmirror.com fonts.gstatic.com use.typekit.net https://*.google.com *.fontawesome.com https://www.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action *.twitter.com *.amazon.com *.braintreepayments.com *.klaviyo.com *.techgeese.com *.callrail.com *.zoominfo.com *.pinimg.com *.facebook.net *.hotjar.com *.tiktok.com *.mczbf.com *.pinterest.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com https://*.google.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors self *.youtube.com *.sandbox.paypal.com www.paypal.com *.twitter.com *.techgeese.com *.klaviyo.com *.adobe.com *.google.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com http://www.sandbox.paypal.com www.paypal.com *.twitter.com *.techgeese.com *.klaviyo.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.vimeocdn.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.amazon.com *.braintreepayments.com *.klaviyo.com *.techgeese.com *.fabglassandmirror.com *.facebook.com *.facebook.net *.mailchimp.com *.yotpo.com *.cloudfront.net *.googleapis.com *.payments-amazon.com *.amazonaws.com fab.glass www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com *.youtube.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com self nonce unsafe-inline unsafe-hashes *.klarna.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.jsdelivr.net *.facebook.com *.amazon.com *.braintreepayments.com *.braintreegateway.com *.techgeese.com *.klaviyo.com *.wisernotify.com *.fabglassandmirror.com *.affirm.com *.yotpo.com *.callrail.com *.zoominfo.com *.pinimg.com *.facebook.net *.hotjar.com wss://ws.hotjar.com/ *.hotjar.io *.tiktok.com *.mczbf.com *.pinterest.com *.paypal.com *.swellrewards.com *.ytimg.com *.payments-amazon.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.ca chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com https://*.google.com *.leadsy.ai https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.amazon.com *.braintreepayments.com *.techgeese.com *.klaviyo.com *.fabglassandmirror.com *.wisernotify.com *.yotpo.com *.callrail.com *.zoominfo.com *.pinimg.com *.facebook.net *.hotjar.com *.tiktok.com *.mczbf.com *.pinterest.com fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com https://*.google.com https://static.klaviyo.com *.google.com assets.braintreegateway.com tagmanager.google.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.techgeese.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com *.facebook.com *.gstatic.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.googletagmanager.com *.google.com *.amazon.com *.braintree.com *.klaviyo.com googleads.g.doubleclick.net *.callrail.com *.zoominfo.com *.pinimg.com *.facebook.net *.hotjar.com *.tiktok.com *.mczbf.com *.pinterest.com *.techgeese.com wss://techgeese.com:6001/ *.wisermapp.com *.azurewebsites.net wss://ws.hotjar.com/ *.hotjar.io *.fabglassandmirror.com api.rollbar.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com google.com *.adobe.io performance.typekit.net *.sentry.io *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca widget.freshworks.com m2epro.freshdesk.com *.yotpo.com https://*.google.com *.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.punchout2go.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.punchout2go.com www.youtube.com js.stripe.com *.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.trackedlink.net *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com bat.bing.com *.google.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.widgets.magentocommerce.com *.paypalobjects.com *.postcodeanywhere.co.uk paypal.com *.feefo.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ player.vimeo.com *.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.punchout2go.com connect.facebook.net js-agent.newrelic.com bam.nr-data.net *.google.com *.feefo.com *.googlecommerce.com *.bing.com *.pingdom.net *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.punchout2go.com services.postcodeanywhere.co.uk fonts.googleapis.com *.typekit.net 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.hotjar.com wss://ws.hotjar.com *.hotjar.io *.pingdom.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self'; object-src 'self'; report-uri /cspreportonly; 1
font-src use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.multisafepay.com https://pay.google.com *.addthis.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * self 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.multisafepay.com *.gstatic.com https://www.magezon.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.google.com.ua self secure.adnxs.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com https://www.googletagmanager.com tagmanager.google.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com app.aiden.cx ar.configwise.io *.criteo.com *.criteo.net *.google-analytics.com *.googletagmanager.com static.widget.trengo.eu *.googleapis.com data.tuinmeubelland.nl https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.multisafepay.com tagmanager.google.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com fonts.google.com 'self' 'unsafe-inline'; object-src none 'self' 'unsafe-inline'; media-src *.adobe.com self 'self' 'unsafe-inline'; manifest-src self 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.multisafepay.com https://www.google-analytics.com ekr.zdassets.com/ *.addthis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com ar.configwise.io *.googleapis.com api.widget.trengo.eu *.analytics.google.com *.googletagmanager.com data.tuinmeubelland.nl https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com self 'self' 'unsafe-inline' 'unsafe-eval'; base-uri self 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://www.groupe.schmidt https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://axeptio.imgix.net https://*.axept.io https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.axept.io https://*.googletagmanager.com https://*.googleapis.com https://cdnjs.cloudflare.com blob: *.google.com https://*.gstatic.com; font-src 'self' 'unsafe-eval' data: https://fonts.gstatic.com; connect-src 'self' https://*.axept.io https://*.axeptio.eu https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://cdnjs.cloudflare.com; frame-src 'self' *.google.com data: https://*.youtube.com https://*.youtube-nocookie.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-qjpIMyI_oWWOJLo0m2XpKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; font-src 'self' *.typekit.net *.gstatic.com https://widget.whisbi.com https://maxcdn.bootstrapcdn.com data:; script-src 'self' *.typekit.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.facebook.net *.ads-twitter.com https://wurfl.io https://config1.veinteractive.com https://static.whisbi.com https://px.veinteractive.com https://api.ipify.org https://library.whisbi.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com widget.whisbi.com https://nebula-cdn.kampyle.com https://www.irishlife.ie https://script.crazyegg.com https://secure.quantserve.com https://snap.licdn.com https://bat.bing.com https://asset.gomoxie.solutions https://screencapture.kampyle.com https://screencaptue-cdn.kampyle.com https://cdn.cookielaw.org/scripttemplates/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://rules.quantcount.com/rules-p-YVPTYyQxqBHy-.js https://analytics.twitter.com/i/ https://cdn.cookielaw.org/consent/f16f9427-5e76-4da0-81ad-7617fbf6cdf4/OtAutoBlock.js  https://cdn.cookielaw.org/ https://bat.bing.com/ https://cdn.cookielaw.org/ https://cdnjs.cloudflare.com/ https://googleads.g.doubleclick.net/ https://platform.twitter.com/ https://player.vimeo.com/ https://rules.quantcount.com/ https://script.crazyegg.com/ https://secure.quantserve.com/ https://static.ads-twitter.com/ https://www.google-analytics.com/ https://www.pagespeed-mod.com/ https://www.permanenttsb.ie/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.typekit.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://widget.whisbi.com https://www.irishlife.ie https://script.crazyegg.com *.gomoxie.solutions https://config1.veinteractive.com/scripts/ https://cdn.honey.io/ https://md-scp.kampyle.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ 'unsafe-inline'; frame-src 'self' *.googletagmanager.com *.google.com *.vimeo.com  *.fls.doubleclick.net https://www.irishlife.ie https://config1.veinteractive.com https://script.crazyegg.com *.fls.doubleclick.net https://nebula-cdn.kampyle.com *.gomoxie.solutions https://permanenttsb.ehosts.net https://pay.realexpayments.com/ https://block.opendns.com/ https://filter.techloq.com/ https://gateway.zscalerthree.net/ https://gateway.zscalertwo.net/ https://td.doubleclick.net/ https://www.youtube.com/ https://zscaler-blockpage.endress.com/ https://zswpmanager.wip.mmc.com/;img-src 'self' *.google.ie *.typekit.net *.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.fls.doubleclick.net https://stats.g.doubleclick.net https://udc-neb.kampyle.com data: about: https://a.volvelle.tech https://x.bidswitch.net https://cookiee1.veinteractive.com https://www.irishlife.ie https://nebula-cdn.kampyle.com https://moxie-concierge.s3.amazonaws.com https://asset.gomoxie.solutions https://bat.bing.com/action/ https://t.co/i/ https://www.google.co.uk/pagead/ https://pixel.quantserve.com/ https://px.ads.linkedin.com/ https://www.facebook.com/tr/ https://p.adsymptotic.com/d/px/ https://www.linkedin.com/px/ https://www.google.co.uk/ads/ https://cdn.cookielaw.org/logos/ https://ad.doubleclick.net/ddm/ https://www.googletagmanager.com/ https://px4.ads.linkedin.com/ https://analytics.twitter.com/ https://ad.doubleclick.net/https://analytics.twitter.com/ https://i.vimeocdn.com/ https://i.ytimg.com/ https://lh3.ggpht.com/ https://pixel.quantserve.com/ https://prreqcroab.icu/ https://t.co/ https://udc-neb.kampyle.com/ https://www.google.ae/ https://www.google.at/ https://www.google.be/ https://www.google.ca/ https://www.google.ch/ https://www.google.co.il/ https://www.google.co.in/ https://www.google.co.nz/ https://www.google.co.th/ https://www.google.co.uk/ https://www.google.com/ https://www.google.com.ar/ https://www.google.com.au/ https://www.google.com.br/ https://www.google.com.co/ https://www.google.com.gi/ https://www.google.com.kh/ https://www.google.com.ng/ https://www.google.com.pe/https://www.google.com.sa/ https://www.google.cz/ https://www.google.de/ https://www.google.ee/ https://www.google.es/ https://www.google.fr/ https://www.google.gr/ https://www.google.hu/ https://www.google.im/ https://www.google.it/ https://www.google.lu/ https://www.google.nl/ https://www.google.pl/ https://www.google.pt/ https://www.google.ro/ https://www.permanenttsb.ie/ https://ad.doubleclick.net/;connect-src 'self' *.typekit.net *.google-analytics.com https://www.google.co.uk/ads/ https://bats.bing.com https://analytics.google.com/ https://privacyportal-de.onetrust.com https://cookiee1.veinteractive.com https://api.whisbi.com https://sessionapi.veinteractive.com https://dtrc.veinteractive.com https://apps.irishlife.ie https://script.crazyegg.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.gomoxie.solutions https://asset.gomoxie.solutions https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/scripttemplates/ https://panel-settings-cdn-e1.ve.com/panelsettings/live/ https://stats.g.doubleclick.net/ https://panel-settings-cdn-e1.ve.com https://tracking.crazyegg.com/ https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck https://fontawesome.com/ https://cookies-data.onetrust.io/bannersdk/ https://panel-settings-cdn-e1.veinteractive.com/da20settings/live/ https://region1.analytics.google.com/g/ https://drs2.veinteractive.com/ https://bat.bing.com/actionp/ https://adservice.google.com/ https://api.blocksly.org/ https://api.datacloudstat.com/ https://api.solarspireconsulting.com/ https://maps.googleapis.com/ https://pixel.quantcount.com/ https://stats.g.doubleclick.net/ https://translate.googleapis.com/ https://wurfl.io/ https://www.google.ie/ https://cdn.cookielaw.org/ ;worker-src 'self' blob:;object-src 'self' blob:; report-uri /api/contentSecurityPolicy/log 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com https://www.gstatic.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.bunny.net *.jsdelivr.net https://fonts.gstatic.com www.prontowonen.nl data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.prontowonen.nl 'self' 'unsafe-inline'; frame-ancestors www.prontowonen.nl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.twitter.com *.moz.com *.google.com/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.prontowonen.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net *.cloudflare.com *.cloudfront.com *.cloudfront.net placehold.co *.googleadservices.com *.google-analytics.com *.twitter.com *.amazonaws.com *.mailcampaigns.nl https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: www.prontowonen.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com/ *.visualwebsiteoptimizer.com https://*.gstatic.com *.trustedshops.com *.fontawesome.com apis.google.com graph.facebook.com *.trengo.eu *.getflowbox.com *.mailcampaigns.nl *.hotjar.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.prontowonen.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.mailcampaigns.nl *.bunny.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.googletagmanager.com assets.braintreegateway.com www.prontowonen.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.trengo.eu www.prontowonen.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.cloudflare.com *.twitter.com *.trengo.eu *.getflowbox.com *.mailcampaigns.nl https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com www.prontowonen.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.prontowonen.nl http: https: blob: 'self' 'unsafe-inline'; default-src www.prontowonen.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src static.hsappstatic.net;  media-src greenpeace.org.au *.greenpeace.org.au; script-src * 'unsafe-inline' 'unsafe-eval';  style-src *  'unsafe-inline';  img-src * data:;  base-uri   'self'; form-action 'self' https://www.facebook.com https://forms.hsforms.com; font-src greenpeace.org.au *.greenpeace.org.au fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com https://*.hubspotusercontent30.net https://8586633.fs1.hubspotusercontent-na1.net https://script.hotjar.com https://vc.hotjar.io https://cdn-custom.optimonk.com data:;  frame-src *;  connect-src 'self' *.doubleclick.net analytics.google.com https://*.analytics.google.com *.google-analytics.com *.hotjar.com https://metrics.hotjar.io https://stripe-payments-dot-gpap-engineering.appspot.com https://bat.bing.com https://www.facebook.com https://www.greenpeace.org.au https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://forms.hsforms.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hubspot.com https://cp.hubspot.com https://ec.instapagemetrics.com https://heatmap-events-collector.instapage.com https://www.google.com https://www.google.com.au/ads/ga-audiences https://pagead2.googlesyndication.com https://adservice.google.com https://api.omappapi.com https://sentry.io https://pixels.spotify.com https://api.stripe.com https://analytics.tiktok.com https://cds.taboola.com https://trc.taboola.com https://trc-events.taboola.com https://psb.taboola.com https://pips.taboola.com https://*.convertexperiments.com https://px.ads.linkedin.com https://*.optimonk.com; report-uri https://o196544.ingest.sentry.io/api/6683985/security/?sentry_key=223a0fdbcdce4e2aadda1caa22c16eab 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google-analytics.com https://www.youtube.com https://maps.googleapis.com https://bat.bing.com https://*.demio.com https://d3s4clg74dg0wr.cloudfront.net https://zapier.com https://www.clarity.ms https://static.homerun.co https://unpkg.com/@googlemaps/ https://euc-widget.freshworks.com https://moneybird.freshdesk.com; style-src 'self' 'unsafe-inline' https://moneybird.nl https://www.moneybird.nl https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.gstatic.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com https://*.demio.com https://static.homerun.co https://fonts.bunny.net https://euc-widget.freshworks.com https://moneybird.freshdesk.com; img-src 'self' https://moneybird.nl https://www.moneybird.nl https://prismic-io.s3.amazonaws.com https://images.prismic.io https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google.nl https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com https://zapier.com https://cdn.zapier.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com data:; object-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://moneybird.nl https://www.moneybird.nl https://help.moneybird.nl https://bat.bing.com https://gtm.moneybird.nl https://gtm.moneybird.com https://gtm.moneybird.de https://pagead2.googlesyndication.com https://*.google-analytics.com https://www.gstatic.com https://moneybird.com https://www.moneybird.com https://homerun.co https://stats.g.doubleclick.net https://*.demio.com https://j.clarity.ms https://embed.homerun.co https://maps.googleapis.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com; frame-src 'self' https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com https://w.soundcloud.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com; font-src 'self' https://moneybird.nl https://www.moneybird.nl https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.bunny.net data:; report-uri https://moneybird.com/csp_report; 1
script-src 'unsafe-hashes' 'sha256-5lSQFTOMNNoGBLbrC6eUxpYeuyBQW52hLO9rR85ASEA=' https: http: 'nonce-1rij8ytJmuFHomR1iTeLWXhpRevNLK6Xb3mE7QGZB/8=' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic';object-src 'none';frame-ancestors 'none';base-uri 'none';report-uri /api/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google.com www.gstatic.com ssl.google-analytics.com script.crazyegg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com; img-src 'self' ssl.google-analytics.com; font-src fonts.gstatic.com maxcdn.bootstrapcdn.com www.huttig.com; connect-src 'self' script.crazyegg.com www.google-analytics.com; media-src 'self'; object-src; prefetch-src 'self'; child-src; frame-src 'self' www.google.com; worker-src; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; report-uri /csp_report; 1
object-src 'none';base-uri 'self';script-src 'nonce-3e8JIDTDEfiObI69IwoQYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://service.xesto.io https://staging-xesto-service.xesto.io https://api.boldcommerce.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com https://service.xesto.io https://staging-xesto-service.xesto.io https://static.boldcommerce.com https://static.xx.fbcdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com https://service.xesto.io https://staging-xesto-service.xesto.io https://api.boldcommerce.com https://static.xx.fbcdn.net https://connect.facebook.net https://cdnjs.cloudflare.com https://cashier.boldcommerce.com/assets/experience/flow_sdk.js https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com tagmanager.google.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://service.xesto.io https://staging-xesto-service.xesto.io https://api.boldcommerce.com https://api.staging.boldcommerce.com https://cashier.boldcommerce.com https://graph.facebook.com https://secure.boldcommerce.com https://secure.staging.boldcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.be2bill.com *.integration-cb4x.fr *.cb4x.fr 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.trustpilot.com *.googlesyndication.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.google.com *.abtasty.com *.cookielaw.org *.avatacar.com *.bazaarvoice.com bat.bing.com *.googlesyndication.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.abtasty.com *.avatacar.com *.be2bill.com *.cookielaw.org *.googlesyndication.com *.bazaarvoice.com *.trustpilot.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net *.realytics.io *.realytics.net bat.bing.com s.kk-resources.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io https://cdnjs.cloudflare.com https://maps.googleapis.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.abtasty.com *.googleapis.com *.cookielaw.org *.googlesyndication.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net bat.bing.com *.realytics.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io https://nominatim.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com *.hotjar.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.awin1.com *.zenaps.com *.fls.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com *.cookiebot.com www.youtube.com vars.hotjar.com oppwa.com *.oppwa.com *.adventr.io *.mainadv.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.awin1.com *.zenaps.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com pls.webtype.com www.w3.org data: www.google.com www.google.de www.google.com.ua googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com *.ytimg.com bat.bing.com head.locally.com *.hotjar.com img.youtube.com *.oppwa.com oppwa.com *.ometria.com *.crobox.io *.crobox.com https://a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adyen.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com js-agent.newrelic.com bam.nr-data.net www.google.com *.googleapis.com *.scarabresearch.com head.locally.com bat.bing.com hit.uptrendsdata.com/ static.hotjar.com script.hotjar.com www.googleadservices.com *.cookiebot.com connect.getflowbox.com www.gstatic.com *.abtasty.com *.oppwa.com oppwa.com *.ometria.com *.upsellit.com *.crobox.io https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com oppwa.com *.oppwa.com *.typenetwork.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com https://the.sciencebehindecommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com bam.nr-data.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com oppwa.com *.oppwa.com hit.uptrendsdata.com/ *.abtasty.com *.paypal.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-c8chyezm4bxqufiLuIgTHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src 'self'; script-src 'unsafe-eval' 'unsafe-inline'; report-uri https://njunktr7.uriports.com/reports/report; report-to default 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://h.online-metrix.net *.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://h.online-metrix.net *.d.aa.online-metrix.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.confi.com.vc maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://h.online-metrix.net *.cardinalcommerce.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.confi.com.vc *.newrelic.com bam.nr-data.net maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf *.confi.com.vc 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.confi.com.vc 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.confi.com.vc *.newrelic.com bam.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.gstatic.com data: *.googleapis.com *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://player.vimeo.com https://www.youtube-nocookie.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.gstatic.com https://player.vimeo.com https://www.youtube.com https://unpkg.com https://*.cloudfront.net landofcoder.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com maps.googleapis.com assets.shipperhq.com https://www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://uploader.orbus.com wss://uploader.orbus.com https://unpkg.com https://s3.amazonaws.com https://settings.luckyorange.net landofcoder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com ovs.shipperhq.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com js.stripe.com *.useinsider.com hit.api.useinsider.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.buckaroo.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.stripe.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.useinsider.com hit.api.useinsider.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com *.trustpilot.com *.addtoany.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl http://dpm.demdex.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com account.fetchify.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com *.facebook.com *.paypal.com *.paypalobjects.com *.braintreegateway.com storage.googleapis.com *.livechatinc.com *.kaptcha.com *.doubleclick.net *.instagram.com sibautomation.com *.brevo.com *.sibforms.com cutlistevo.com *.trustpilot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.google.com *.google.co.uk paypal-eu-arh.cloudiq.com *.paypal.com *.bing.com *.googletagmanager.com *.cloudfront.net *.yotpo.com *.clarity.ms *.luckyorange.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.googletagmanager.com *.googleoptimize.com *.livechatinc.com *.facebook.net *.bing.com googleads.g.doubleclick.net paypal-eu-cdn.cloudiq.com *.paypal.com *.cloudfront.net *.craftyclicks.co.uk *.luckyorange.com *.clarity.ms *.qeryz.net *.instagram.com *.debugbear.com *.sendinblue.com sibautomation.com *.brevo.com https://cdn.jsdelivr.net/npm/@growthbook/growthbook/dist/bundles/index.js *.trustpilot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.cloudfront.net *.luckyorange.com *.myfonts.net *.stackpathcdn.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com stats.g.doubleclick.net *.luckyorange.com settings.luckyorange.net wss://realtime.luckyorange.com wss://visitors.live wss://in.visitors.live *.facebook.com *.paypal.com *.clarity.ms qeryz.com *.googleapis.com *.googlesyndication.com *.brevo.com *.debugbear.com *.growthbook.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-hGENuJpvKrcjytFRPelgJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com font.static.useinsider.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.facebook.com *.yotpo.com *.amazon.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.facebook.com www.youtube.com s7.addthis.com c.paypal.com assets.braintreegateway.com tst.kaptcha.com templespa.api.useinsider.com *.yotpo.com *.paypalobjects.com *.criteo.com *.criteo.net 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com www.facebook.com *.templespa.com b.stats.paypal.com c.paypal.com dub.stats.paypal.com services.postcodeanywhere.co.uk stats.g.doubleclick.net bat.bing.com consent.linksynergy.com www.google.co.uk ut.ra.linksynergy.com nypi.dc-storm.com consent.nxtck.com consent.mediaforge.com consent.jrs5.com consent.dc-storm.com tcrnbekl.cdn.imgeng.in px.ads.linkedin.com ut.rd.linksynergy.com www.linkedin.com *.useinsider.com cx.atdmt.com https://images.unsplash.com *.yotpo.com https://img.youtube.com cdn.cookielaw.org *.pubmatic.com *.doubleclick.net x.bidswitch.net ib.adnxs.com *.smartadserver.com *.taboola.com *.omnitagjs.com *.casalemedia.com *.criteo.com sync.1rx.io id5-sync.com *.360yield.com matching.ivitrack.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.rubiconproject.com *.sharethrough.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.adform.net *.unrulymedia.com *.media-amazon.com *.payments-amazon.com *.imgeng.in *.dmxleo.com *.cdn.imgeng.in data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com connect.facebook.net s7.addthis.com js.braintreegateway.com c.paypal.com z.moatads.com v1.addthisedge.com m.addthis.com *.pcapredict.com assets.zendesk.com static.zdassets.com widget-mediator.zopim.com apps.elfsight.com services.postcodeanywhere.co.uk www.google.com www.gstatic.com js-agent.newrelic.com songbirdstag.cardinalcommerce.com bat.bing.com d2uor4thmqxhbf.cloudfront.net tag.rmp.rakuten.com bam.nr-data.net snap.licdn.com analytics.tiktok.com cdn.cookielaw.org geolocation.onetrust.com *.api.useinsider.com bam-cell.nr-data.net *.yotpo.com paypal-eu-cdn.cloudiq.com *.criteo.com *.payments-amazon.com *.vimeo.com *.cdn.imgeng.in 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com cloud.typography.com services.postcodeanywhere.co.uk assets.api.useinsider.com *.templespa.com *.yotpo.com *.googleapis.com *.adobedtm.com *.cdn.imgeng.in 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com static.zdassets.com/ *.braintreegateway.com *.braintree-api.com ekr.zdassets.com templespa.zendesk.com wss://widget-mediator.zopim.com services.postcodeanywhere.co.uk stats.g.doubleclick.net cdn.cookielaw.org analytics.tiktok.com m.addthis.com bat.bing.com *.api.useinsider.com bam-cell.nr-data.net carrier.useinsider.com ekr.zdassets.com/ *.yotpo.com *.criteo.com px.ads.linkedin.com logapi.templespa.com *.google.com *.onetrust.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.amazon.com *.eu01.nr-data.net *.useinsider.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.gstatic.com widget.freshworks.com; style-src 'self' 'unsafe-inline' www.gstatic.com fonts.googleapis.com use.fontawesome.com widget.freshworks.com; img-src 'self' data: *.climateinteractive.org www.googletagmanager.com www.gstatic.com widget.freshworks.com; font-src 'self' data: fonts.gstatic.com use.fontawesome.com; connect-src 'self' www.google-analytics.com widget.freshworks.com climateinteractive.freshdesk.com; child-src www.google.com www.youtube.com app.mapline.com; report-to /csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-pL-ZPgxKJ2pS0cuE7wB6jA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/health_google 1
font-src fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.almapay.com https://cdnjs.cloudflare.com localhost *.louispion.fr *.evermaps.io *.octipas.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com localhost *.louispion.fr *.evermaps.io *.nosto.com *.nos.to *.octipas.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.criteo.com *.leadplace.fr *.pinterest.com *.vimeo.com *.rolex.com localhost *.louispion.fr *.evermaps.io *.nosto.com *.nos.to *.octipas.net https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.cookielaw.org *.stickyadstv.com *.bing.com *.facebook.com *.teads.tv *.rubiconproject.com *.dmxleo.com *.liadm.com *.outbrain.com *.taboola.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.casalemedia.com *.media.net *.adform.net *.omnitagjs.com *.sharethrough.com *.ivitrack.com *.mediavine.com *.smaato.net *.doubleclick.net *.yahoo.com *.emxdgt.com *.tremorhub.com *.adnxs.com *.analytics.yahoo.com *.bidswitch.net *.criteo.com *.thebrighttag.com *.krxd.net *.yieldmo.com id5-sync.com *.yieldlab.net *.pinterest.com *.rolex.com localhost *.louispion.fr *.evermaps.io *.nosto.com *.nos.to *.octipas.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill-fastly.io cdn.jsdelivr.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com player.vimeo.com connect.nosto.com *.google.com *.gstatic.comm *.googleapis.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.cookielaw.org *.early-birds.fr *.msecnd.net *.onetrust.com *.beeroot.io *.bing.com *.facebook.net *.facebook.com advgame.fr *.cloudfront.net *.teads.tv *.doubleclick.net *.clarity.ms *.criteo.net *.criteo.com *.adnxs.com *.leadplace.fr *.pinimg.com *.h1d3n0tsoo-staging-easiwebforms.net *.easiconnect.io *.adleadevent.com *.rolex.com *.booxi.eu *.naver.net payment.direct.worldline-solutions.com https://cdnjs.cloudflare.com localhost *.louispion.fr *.evermaps.io *.nosto.com *.nos.to *.octipas.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.googletagmanager.com https://fonts.googleapis.com https://cdnjs.cloudflare.com localhost *.louispion.fr *.evermaps.io *.nosto.com *.nos.to *.octipas.net *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src localhost *.louispion.fr *.evermaps.io 'self' 'unsafe-inline'; media-src *.adobe.com localhost *.louispion.fr *.evermaps.io *.youtube-nocookie.com *.octipas.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.getalma.eu ct.pinterest.com *.google.com *.gstatic.comm *.googleapis.com *.nr-data.net *.cookielaw.org *.onetrust.com *.clarity.ms *.advalo.com *.teads.tv *.beeroot.io *.bing.com *.pinterest.com *.googlesyndication.com *.adleadevent.com *.abstractapi.com *.data.gouv.fr *.rolex.com localhost *.louispion.fr *.evermaps.io *.nosto.com *.nos.to *.octipas.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://nominatim.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src localhost *.louispion.fr *.evermaps.io assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com www.googletagmanager.com logs1412.xiti.com www.google.com cdn.cookielaw.org adservice.google.com *.onetrust.com *.gstatic.com *.doubleclick.net tag.aticdn.net numberly.qualifioapp.com kwptg.kantarworldpanel.fr cdnjs.cloudflare.com files.qualifio.com scripts.qualifioapp.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-9L7DxPlVAMTmWKLcWuYYCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.bootstrapcdn.com *.dhlparcel.nl *.fontawesome.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.google.com www.google.com *.doubleclick.net www.facebook.com *.addthis.com *.hotjar.com *.cookiebot.com consentcdn.cookiebot.eu www.xtento.com js.mollie.com *.trustpilot.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.googleapis.com *.gstatic.com *.google.nl *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com forza-refurbished.nl *.forza-refurbished.nl *.bluebirdday.io *.amazonaws.com *.google.com *.bing.com *.trustpilot.com *.trustpilot.net *.clarity.ms www.xtento.com cdn.xtento.com https://www.mollie.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com https://redchamps.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.vimeocdn.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.trengo.eu *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com *.cookiebot.com *.dhlparcel.nl *.bing.com *.hotjar.com *.trustpilot.com *.clarity.ms consent.cookiebot.eu consentcdn.cookiebot.eu s7.addthis.com www.xtento.com cdn.xtento.com js.mollie.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.dhlparcel.nl *.trustpilot.com https://static.klaviyo.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.addthis.com *.trengo.eu *.bing.com *.hotjar.com *.doubleclick.net *.trustpilot.com *.clarity.ms *.cookiebot.com consent.cookiebot.eu consentcdn.cookiebot.eu ekr.zdassets.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com t.elasticsuite.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://celebrosnlp.com *.celebrosnlp.com *.gstatic.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.espssl.com CPapShopM2-search.celebros.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.lpsnmedia.net *.salecycle.com *.facebook.com *.adsrvr.org *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net p.typekit.net widgets.automizely.com widgets.automizely.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.alothemes.com *.magepow.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com store.paradoxlabs.com *.listrakbi.com *.bing.com *.lpsnmedia.net *.amazonaws.com *.routeapp.io *.mypurecloud.com *.adnxs.com *.cloudflare.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.adsrvr.org celebrosnlp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.alothemes.com *.magepow.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.authorize.net cdn.routeapp.io *.listrak.com *.listrakbi.com *.liveperson.net *.lpsnmedia.net *.nr-data.net *.newrelic.com *.tiqcdn.com *.bing.com *.cybba.solutions *.cloudfront.net *.adsrvr.org *.facebook.net *.pepperjam.com *.gstatic.com *.rtb123.com *.googleapis.com *.routeapp.io *.mypurecloud.com https://sentry.io *.sentry.io *.cloudflare.com *.adnxs.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.thecpapshop.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com celebrosnlp.com *.celebros.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.listrak.com *.listrakbi.com *.googleapis.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com celebrosnlp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io api.automizely.com api.automizely.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.alothemes.com *.magepow.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net api.route.com *.listrak.com *.listrakbi.com *.nr-data.net *.newrelic.com *.sandbox.paypal.com *.googleadservices.com *.doubleclick.net *.salescycle.com wss://ws.salescycle.com *.salecycle.com wss://ws.salecycle.com *.facebook.com https://www.facebook.com *.googleapis.com *.route.com *.adnxs.com *.mypurecloud.com wss://webmessaging.mypurecloud.com *.cloudflare.com *.thecpapshop.com *.paypalobjects.com *.adacado.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.pro.ip-api.com *.ip-api.com *.amazonaws.com *.breadgateway.net *.bing.com *.celebros.com *.celebros.com:446 *.celebros-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://smartsolutions.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' data: cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ servicepoints.sendcloud.sc c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * widget.trustpilot.com www.google.com www.youtube.com consentcdn.cookiebot.com www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io log.pinterest.com www.googletagmanager.com ssl.google-analytics.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.pay.nl 'self' data: www.snapengage.com lh3.ggpht.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com www.gstatic.com t.trackedlink.net assets.pinterest.com maps.googleapis.com ssl.google-analytics.com embed.sendcloud.sc js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com chimpstatic.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net servicepoints.sendcloud.sc widget.trustpilot.com storage.googleapis.com www.snapengage.com static.widget.trengo.eu consent.cookiebot.com consentcdn.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.snapengage.com static.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com log.pinterest.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com bam.nr-data.net bam-cell.nr-data.net www.snapengage.com api.widget.trengo.eu ws-eu.pusher.com consentcdn.cookiebot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.krale-wholesale.com *.krale.shop 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-GUKJC6q7l2x-U9FdKFr6tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.instagram.com www.instagram.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com www.googletagmanager.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: data: fonts.gstatic.com fonts.googleapis.com; object-src * ; media-src * ; frame-src 'self' www.instagram.com www.googletagmanager.com; manifest-src * ; child-src 'self' www.googletagmanager.com; worker-src * ; base-uri * ; form-action * ; frame-ancestors * ; prefetch-src * ; block-all-mixed-content; report-uri https://flagee.cloud?gdsih-csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-cRyD871MKD4NJ4fqUcJXrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-CcfgiNcw4TjAEj8fc0FwxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com static.zipmoney.com.au static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-79koBAg3qVWxSm9qBwwpMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://www.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://www.gstatic.com/ https://fonts.googleapis.com/ https://maps.googleapis.com/ https://servicepoint-locator.dhlparcel.nl/ https://embed.tawk.to/ https://cdn.polyfill.io https://browser.sentry-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://fonts.googleapis.com https://servicepoint-locator.dhlparcel.nl/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com https://*.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-wF9ERkZ8KzrJhXZ9fX0CHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://secure.paygate.co.za/payweb3/process.trans sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.xtento.com pay.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://images.unsplash.com www.xtento.com cdn.xtento.com static.przelewy24.pl www.gstatic.com gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.dibspayment.eu chimpstatic.com downloads.mailchimp.com *.list-manage.com www.xtento.com cdn.xtento.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://11e62caa-a48d-4c44-a5e4-797aba628899.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-Id0kRpsK4u3t_wCXgdESqQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';object-src 'none'; base-uri 'none'; connect-src 'self' *.zorgdoc.nl; report-uri https://sentry.zorgdoc.nl/api/11/security/?sentry_key=710eec7163c34959bcfe36be5404c07a 1
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' 1
font-src maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.networkmerchants.com *.instagram.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.networkmerchants.com *.cdninstagram.com https://www.magezon.com https://meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.networkmerchants.com *.instagram.com *.google.com/ *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com cdn.ampproject.org www.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.networkmerchants.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com www.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.networkmerchants.com *.google-analytics.com https://www.google-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cdn.ampproject.org www.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=xxMS4sixTBYT1INQ5y2nGZGCrQzvVatriUfSDJb3ie0-1721961500-1.0.1.1-jc3YXmb9.6lg.VZKRpM7f7Pe0zRSZ4EzIaYqAYQscmAyWkgsFrBjHw7xYYtuzAUJqfSLfJsC4kCIItNsdXIJidUHpxWVtVX8TFt0nJXcuX2YI5e5xF_MAYFB5VE1ozeBsR2B_wuHxuQ0mBvW2OgBHQeDmZ4FUKDj.cTlE9Lj2ds; report-to cf-csp-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustpilot.com *.hotjar.com *.pcapredict.com *.psplugin.com *.postcodeanywhere.co.uk *.googleapis.com *.cardinalcommerce.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.trustpilot.com *.hotjar.com *.pcapredict.com *.psplugin.com *.postcodeanywhere.co.uk *.googleapis.com *.cardinalcommerce.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net; worker-src 'self' *.psplugin.com blob:; frame-src *.trustpilot.com *.hotjar.com *.braintreegateway.com www.googletagmanager.com; frame-ancestors 'self' *.psplugin.com 1
default-src 'self' *.my127.site blob: *.my127.site inviqa.com inviqa.de youtube.com *.doubleclick.net *.google.com *.googleadservices.com *.google.co.uk *.hubspot.com *.trackedweb.net *.hotjar.com madixel.de cdn.cookielaw.org geolocation.onetrust.com; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.my127.site inviqa.com inviqa.de *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.gstatic.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.licdn.com *.twitter.com *.trackedweb.net *.trackedlink.net madixel.de *.googleadservices.com *.ads-twitter.com cdn.cookielaw.org; style-src 'self' 'unsafe-inline' *.my127.site inviqa.com inviqa.de; img-src 'self'  *.my127.site data: inviqa.com inviqa.de *.google.co.uk *.google.com *.google-analytics.com *.twitter.com *.linkedin.com t.co *.hubspot.com *.hsforms.com *.doubleclick.net cdn.cookielaw.org; frame-src *; frame-ancestors 'self'; child-src *; font-src 'self' *.my127.site data: inviqa.com inviqa.de; report-uri https://www.inviqa.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://*.usersnap.com https://*.usercentrics.eu https://*.jquery.com https://*.adsrvr.org https://*.google.com https://*.gstatic.com https://www.googleadservices.com https://sgtm.bti.de https://*.kameleoon.eu https://*.kameleoon.io https://*.epoq.de https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.clarity.ms https://*.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.iadvize.com https://*.clarity.ms https://*.polyfill.io https://targetemsecure.blob.core.windows.net https://snap.licdn.com https://maps.googleapis.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://sgtm.bti.de https://*.usercentrics.eu https://*.bing.com https://*.epoq.de https://code.jquery.com https://connect.facebook.net https://*.cloudfront.net https://googleads.g.doubleclick.net https://*.kameleoon.eu https://*.kameleoon.io https://privacy-proxy.usercentrics.eu https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.clarity.ms https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://*.usersnap.com https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com https://userlike-cdn-umm.b-cdn.net https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://www.youtube.com https://*.adsrvr.org https://www.facebook.com https://www.google.com https://consentcdn.cookiebot.com https://*.iadvize.com https://maps.googleapis.com; media-src 'self' https://maps.googleapis.com https://mediaserver.bti.de; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com; img-src 'self' https://*.kameleoon.eu https://*.kameleoon.io https://*.doubleclick.net https://*.usercentrics.eu https://bat.bing.com https://www.bti.de https://cdn4.bti.de https://dc.ads.linkedin.com https://mediaserver.bti.de https://sgtm.bti.de https://*.dc.bgcloudservice.com https://www.facebook.com https://www.google.com https://www.google.de https://maps.googleapis.com; connect-src 'self' https://sgtm.bti.de https://*.kameleoon.eu https://*.kameleoon.io https://*.usercentrics.eu https://*.doubleclick.net https://*.iadvize.com https://*.slgnt.eu https://*.clarity.ms https://maps.googleapis.com https://widget.usersnap.com 1
object-src 'none';base-uri 'self';script-src 'nonce-FkRGQJuV0It0WllhS20bAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com google-analytics.com googleapis.com supporta.cc; font-src 'self' fonts.gstatic.com googleapis.com v2.zopim.com; form-action 'self'; frame-src supporta.cc; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com googleapis.com csi.gstatic.com cdn.supporta.cc; media-src static.zdassets.com; script-src 'self' googletagmanager.com googleoptimize.com google-analytics.com analytics.connectholland.nl v2.zopim.com googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com connect.facebook.net cdn.supporta.cc; style-src 'self' 'unsafe-inline' pg-ws-ggz.widget.custhelp.com 1
font-src *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://unpkg.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://unpkg.com *.typekit.net downloads.mailchimp.com *.googleapis.com *.googletagmanager.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Y_PKTZtWqoRZwteamg5j7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bkmwuIsn7uF7JLpQqZrLYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; child-src 'self' https://www.google.com https://consentcdn.cookiebot.com; connect-src 'self' https://maps.googleapis.com https://consentcdn.cookiebot.com https://region1.google-analytics.com; font-src 'self' data: blob: ; form-action 'self'; frame-ancestors 'self'; frame-src https://www.google.com https://consentcdn.cookiebot.com; img-src 'self' data: https://maps.googleapis.com https://s3.eu-west-1.amazonaws.com https://log.pinterest.com https://imgsct.cookiebot.com https://www.googletagmanager.com; media-src 'self'; object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google.com https://maps.googleapis.com https://assets.pinterest.com https://www.gstatic.com https://consent.cookiebot.com https://www.google-analytics.com https://consentcdn.cookiebot.com https://js.createsend1.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-attr 'unsafe-inline'; worker-src 'self'; report-uri https://csp.tools.acato.nl/api/v1/report 1
object-src 'none';base-uri 'self';script-src 'nonce-QR1ex3cqv2MDXclvbYtdhQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-yMjvzTMLwY282dHY_nJTWw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com magento-cloudflare.jetrails.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ytimg.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com landofcoder.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-3mAduZck4yZIhEjZQF9NlQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-FtNSL2U_l0NaZqjvyUYICw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests 1
default-src 'self' *.ctfassets.net *.trackjs.com *.demdex.net; script-src 'self'; script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com maps.googleapis.com fonts.googleapis.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' *.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net *.gstatic.com *.onetrust.com cm.everesttech.net *.googleapis.com; font-src 'self' *.gstatic.com; connect-src 'self' *.go-mpulse.net cdn-ukwest.onetrust.com trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io *.demdex.net costalimited.d3.sc.omtrdc.net *.onetrust.io *.trackjs.com maps.googleapis.com; frame-ancestors 'self'; report-uri https://costa.report-uri.com/r/t/csp/reportOnly; report-to default 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com www.mcap.com www.google.com *.googleapis.com *.doubleclick.net *.facebook.com *.facebook.net code.jquery.com cdn.jsdelivr.net www.googletagmanager.com *.gstatic.com analytics.google.com www.google.ca www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.klarnacdn.net *.fontawesome.com *.narvar.com *.narvar.qa use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com data: * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com *.pinterest.com *.cdn-btsg.com *.sovendus-connect.com *.doubleclick.net *.paypalobjects.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com *.sharethis.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.narvar.com *.narvar.qa www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com maps.gstatic.com *.yotpo.com swellrewards.com *.swellrewards.com * https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com *.commerce-payment-services.com assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com *.typekit.net google.com *.google.com *.sharethis.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com maps.googleapis.com *.yotpo.com swellrewards.com *.swellrewards.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com assets.braintreegateway.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com *.googleapis.com data: * 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.narvar.com *.narvar.qa data: *.iesnare.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.paypal.com google.com *.google.com *.sharethis.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.yotpo.com swellrewards.com *.swellrewards.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-CHhjHS12TJJwOIYVUZofWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com *.thron.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.iubenda.com *.thron.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com maps.googleapis.com cdn.rawgit.com/googlemaps/ cdn.jsdelivr.net/gh/googlemaps/ *.iubenda.com *.thron.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com *.iubenda.com *.thron.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.thron.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.thron.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com https://configure-staging.arper.com maps.googleapis.com *.iubenda.com *.thron.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://configure-staging.arper.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-eUBtp-t6EtmEz-bM44L4RQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cse.google.com https://js.hsforms.net https://platform-api.sharethis.com https://rebilly.github.io https://unpkg.com https://use.fontawesome.com https://ws.sharethis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; style-src 'self' https://cloud.typography.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net https://*.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.adyen.com https://*.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com *.avada.io https://consent.cookiebot.com/ https://cdnjs.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-kt4zUbwAE2KOfltpFeqbWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-c5KsjdqPObWxwmbaiRUfsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.zmags.com *.zma.gs *.force.com *.userway.org *.fatwin.com *.salesforceliveagent.com *.klaviyo.com *.powerreviews.com *.scene7.com *.cloudflare.com script.crazyegg.com images.getfastr.com js.adsrvr.org stats.g.doubleclick.net googleads.g.doubleclick.net google.co.in *.cloudfront.net *.jquery.com *.cloudinary.com blog.starfurniture.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com blog.starfurniture.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com blog.starfurniture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com blog.starfurniture.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.zmags.com *.zma.gs *.force.com *.userway.org *.fatwin.com *.salesforceliveagent.com *.klaviyo.com *.powerreviews.com *.scene7.com *.cloudflare.com script.crazyegg.com images.getfastr.com js.adsrvr.org stats.g.doubleclick.net *.google.co.in *.cloudfront.net *.jquery.com *.cloudinary.com blog.starfurniture.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.zmags.com *.zma.gs *.force.com *.userway.org *.fatwin.com *.salesforceliveagent.com *.klaviyo.com *.powerreviews.com *.scene7.com *.cloudflare.com script.crazyegg.com images.getfastr.com js.adsrvr.org stats.g.doubleclick.net google.co.in *.cloudfront.net *.jquery.com *.cloudinary.com blog.starfurniture.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.zmags.com *.zma.gs *.force.com *.userway.org *.fatwin.com *.salesforceliveagent.com *.klaviyo.com *.powerreviews.com *.scene7.com *.cloudflare.com *.googleapis.com script.crazyegg.com images.getfastr.com js.adsrvr.org stats.g.doubleclick.net googleads.g.doubleclick.net google.co.in *.cloudfront.net *.jquery.com *.cloudinary.com blog.starfurniture.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blog.starfurniture.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.affirm.com *.affirm.ca thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.zmags.com *.zma.gs *.force.com *.userway.org *.fatwin.com *.salesforceliveagent.com *.klaviyo.com *.powerreviews.com *.scene7.com *.cloudflare.com script.crazyegg.com images.getfastr.com js.adsrvr.org stats.g.doubleclick.net googleads.g.doubleclick.net google.co.in *.cloudfront.net *.jquery.com *.cloudinary.com blog.starfurniture.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blog.starfurniture.com http: https: blob: 'self' 'unsafe-inline'; default-src blog.starfurniture.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-yqQcV87j-DCoifau9whYvg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net https://www.googletagmanager.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.cloudfront.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com 360yield.com *.360yield.com 3lift.com *.3lift.com adnxs.com *.adnxs.com billiger.de *.billiger.de bing.com *.bing.com criteo.com *.criteo.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com google.de *.google.de idealo.com *.idealo.com media.net *.media.net omnitagjs.com *.omnitagjs.com roeye.com *.roeye.com roeyecdn.com *.roeyecdn.com sharethrough.com *.sharethrough.com smartadserver.com *.smartadserver.com taboola.com *.taboola.com teads.tv *.teads.tv tremorhub.com *.tremorhub.com twiago.com *.twiago.com uimserv.net *.uimserv.net usd.de *.usd.de usercentrics.eu *.usercentrics.eu yieldlab.net *.yieldlab.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.googleapis.com *.gstatic.com widget.freshworks.com m2epro.freshdesk.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com bing.com *.bing.com criteo.com *.criteo.com cdnsrv.de *.cdnsrv.de clickcease.com *.clickcease.com df-srv.de *.df-srv.de fatmedia.io *.fatmedia.io facebook.net *.facebook.net kuponacdn.de *.kuponacdn.de livechatinc.com *.livechatinc.com pinimg.com *.pinimg.com roeyecdn.com *.roeyecdn.com shopgate.com *.shopgate.com uicdn.com *.uicdn.com usercentrics.eu *.usercentrics.eu https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com criteo.com *.criteo.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com livechatinc.com *.livechatinc.com pinterest.com *.pinterest.com usercentrics.eu *.usercentrics.eu *.wepowerconnections.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com www.google.com www.google.co.in www.facebook.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.texmetals.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net stats.g.doubleclick.net d.adroll.com pixel.advertising.com pixel.rubiconproject.com simage2.pubmatic.com dsum-sec.casalemedia.com ads.yahoo.com eb2.3lift.com sync.outbrain.com trc.taboola.com x.bidswitch.net/sync ib.adnxs.com idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com segments.company-target.com sync.tidaltv.com img.riskified.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.googletagmanager.com s.adroll.com d.adroll.com d.adroll.mgr.consensu.org *.bootstrapcdn.com cdn.socket.io beacon.riskified.com mouseflow.com cdn.mouseflow.com widget.nfusionsolutions.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' style *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.google-analytics.com *.facebook.com websocket.texmetals.com wss://websocket.texmetals.com ws-so-staging.texmetals.com wss://ws-so-staging.texmetals.com *.riskified.com *.mouseflow.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri {{baseUrl}}; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-pWyiQujzunUlmKyQ45Vemg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.livechatinc.com *.plyr.io https://widgets.trustedshops.com https://integrations.etrusted.com *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.net *.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.iubenda.com *.googletagmanager.com *.pinterest.com *.livechatinc.com *.facebook.net *.facebook.com *.linkedin.com *.googleapis.com *.klarna.com https://www.googletagmanager.com/ secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.iubenda.com pixel.mathtag.com sync.mathtag.com *.trustedshops.com *.linkedin.com *.google.de *.facebook.net *.facebook.com *.livechatinc.com *.yahoo.com *.truoptik.com *.pinterest.com maps.gstatic.com *.doubleclick.net *.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://widgets.trustedshops.com https://integrations.etrusted.com *.klarna.com *.klarnaevt.com *.klarnacdn.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.iubenda.com chimpstatic.com *.roomvo.com *.trustedshops.com *.livechatinc.com *.cloudflare.com *.getsitecontrol.com *.pinimg.com *.mouseflow.com *.doubleclick.net *.licdn.com *.facebook.net *.facebook.com *.yimg.com *.teads.tv *.pinterest.com *.getsitectrl.com *.googletagmanager.com *.klarna.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ downloads.mailchimp.com *.list-manage.com https://widgets.trustedshops.com https://integrations.etrusted.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com *.avada.io secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com https://widgets-qa.trustedshops.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com downloads.mailchimp.com https://widgets.trustedshops.com https://integrations.etrusted.com *.klarnacdn.net d.ratepay.com d.payla.io dr.payla.io unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.iubenda.com *.roomvo.com chimpstatic.com *.trustedshops.com *.livechatinc.com *.cloudflare.com *.getsitecontrol.com *.pinimg.com *.mouseflow.com *.doubleclick.net *.licdn.com *.facebook.net *.facebook.com *.yimg.com *.teads.tv *.pinterest.com *.getsitectrl.com *.googletagmanager.com *.linkedin.oribi.io *.linkedin.com *.klarnaevt.com *.klarna.com *.noembed.com *.plyr.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.etrusted.com *.klarnacdn.net *.klarnaservices.com ekr.zdassets.com/ https://get.geojs.io *.avada.io payments.amazon.de d.ratepay.com jsctool.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.flixcar.com *.flixfacts.com *.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.cookiebot.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bing.com *.cloudfront.net *.flix360.com *.cookiebot.com *.flixcar.com *.flixfacts.com *.google.nl *.flix360.io *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.bing.com *.cloudflare.com *.cookiebot.com *.flixcar.com *.flixfacts.com *.flixgvid.io *.fontawesome.com *.googlesyndication.com *.instagram.com *.loadbee.com *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu *.avada.io *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.flixcar.com *.typekit.net *.fontawesome.com *.multisafepay.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cookiebot.com *.doubleclick.net *.flixcar.com *.googlesyndication.com *.loadbee.com https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-o13p0SYxTUreeJ0ebKFcMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com data: *.hotjar.com github.com cdn.honey.io *.photoslurp.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com blob: *.w3.org *.bing.com c.bing.com *.hotjar.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com instagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.nr-data.net *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.newrelic.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com facebook.net *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com x.empathy.co x.staging.empathy.co *.lightning.force.com analytics.tiktok.com *.googletagmanager.com googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.pinterest.com player.vimeo.com *.criteo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net *.photoslurp.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com wss: bat.bing.com *.force.com *.tiktok.com *.nr-data.net *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.hotjar.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com client.rum.us-east-1.amazonaws.com sts.eu-west-1.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com x.empathy.co x.staging.empathy.co stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com api.empathy.co api.staging.empathy.co api-staging.empathybroker.com pronoviasgroupcti.secure.force.com analytics.pangle-ads.com properties *.criteo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Go7feoB4oVNS9tzddwmZKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-H_QlJplnxKXhlAJxdKJLmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://api.sunbit.com/sampling/api/v1/csp-reports?application=my-sunbit&env=prod; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://fpnpmcdn.net https://use1.fptls.com *.sunbit.* *.google.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://sentry.io *.googletagmanager.com *.google-analytics.com *.datadoghq-browser-agent.com https://www.gstatic.com https://cdn.jsdelivr.net/npm/axios@1.6.2/dist/axios.min.js 'sha256-oNwErqIk8VRSUay1+8A7krM8W1V1Tq/5L14zrrLP8pw=' 'sha256-woAyRoW0yGOEl+CG3XDrIRRr4AqDTWyBET3GMzjr75g=' 'sha256-ThhI8UaSFEbbl6cISiZpnJ4Z44uNSq2tPKgyRTD3LyU=' 'sha256-AF490//jIflwN/2nTDszvAx/KI2V9GJG8gdwvGhO/zw=' 'sha256-8dULgHWW2eIwqjJTAQle9cUf85AipTjC2f9Ks83Sxks='; style-src 'self' 'unsafe-inline' *.googleapis.com blob:; frame-src data: http://epay *.sunbit.* *.google.com *.googletagmanager.com; child-src *.googletagmanager.com *.mysunbit.* blob:; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com https://www.google.co.il/ https://static.sunbit.*; font-src 'self' *.gstatic.com *.typekit.net data:; connect-src 'self' ws: about: http://api *.sunbit.* *.google.com https://sentry.io *.browser-intake-datadoghq.com *.datadoghq.com *.google-analytics.com www.google-analytics.com *.googletagmanager.com *.datadoghq.com *.datadoghq.eu tls-use1.fpapi.io https://use1.fptls.com/ https://api-js.mixpanel.com/ https://stats.g.doubleclick.net/; 1
object-src 'none';base-uri 'self';script-src 'nonce-q9CnaQDM6dPiYn69BywOSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; frame-ancestors 'self'; report-uri https://leafgroup.report-uri.com/r/d/csp/wizard 1
object-src 'none';base-uri 'self';script-src 'nonce-Zz_ZXJHD5GatW9hSy7RPoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-Pzh-ITDMvJPbpUWhK8Z6GQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-Sz4HGy-dOdDx9QtdtPR-mg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: accounts.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com accounts.google.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com accounts.google.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ accounts.google.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com https://www.trustedsite.com *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://cdn.ywxi.net *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.ywxi.net https://www.trustedsite.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://s3-us-west-2.amazonaws.com/mfesecure-public/ https://www.trustedsite.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://on-site.com https://*.on-site.com https://on-site.com:8765 https://*.on-site.com:8765 https://*.realpage.com https://*.erenterplan.com https://cdn.statuspage.io https://code.jquery.com https://acsbap.com https://acsbapp.com https://cdn.jsdelivr.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; object-src 'self'; worker-src 'self' blob:; report-uri /pub/csp_reports 1
object-src 'none';base-uri 'self';script-src 'nonce-b1sQfhsCa2512hnDESqh-Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://cdn.checkout.com *.klarnacdn.net *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://js.checkout.com *.klarna.com *.reviews.io *.reviews.co.uk *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://meetanshi.com/media/logo.png *.cloudfront.net *.reviews.io *.reviews.co.uk maps.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.checkout.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.reviews.io *.reviews.co.uk maps.googleapis.com cdn.routeapp.io fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.checkout.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://js.checkout.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk api.route.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Zdd_-FhLzf1tcBhWNqUqwQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.squarecdn.com *.fontawesome.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com use.fontawesome.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com widgets.sandbox.afterpay.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.afterpay.com/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.avada.io *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ *.squarecdn.com https://static.klaviyo.com *.fontawesome.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.yotpo.com swellrewards.com *.swellrewards.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.facebook.net *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:;script-src https: 'strict-dynamic' 'nonce-99343f9ab6312d99a60830ce7b591c8db870b705d9c8879202418b0b2f372322' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors https://my.firespring.com;base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log 1
base-uri 'none'; report-uri https://vault.gostatera.com/collect/csp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com *.criteo.com *.googleapis.com *.smartadserver.com *.facebook.net bat.bing.com www.google.fr tag.aticdn.net cdn.cookielaw.org *.clarity.ms *.weborama.fr www.google.com *.zemanta.com www.googletagmanager.com region1.analytics.google.com *.doubleclick.net adservice.google.com *.onetrust.com logs1412.xiti.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://wordpress-1204180-4525087.cloudwaysapps.com?gdsih-csp-report; 1
report-uri https://www.schweitzer-online.de/iconparc/webmed/StoreFront/contentSecurityPolicyReport.ipm; default-src 'self'; script-src 'self' https://*.schweitzer-online.de https://www.googletagmanager.com https://player.vimeo.com/ https://appjs.blickinsbuch.de data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.schweitzer-online.de https://www.googletagmanager.com https://*.google-analytics.com https://search.lereto.com data: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' https://*.schweitzer-online.de data:; img-src https://* data:; form-action 'self' https://secure.payengine.de; frame-src 'self' https://player.vimeo.com https://www.book2look.com https://www.bic-media.com https://search.lereto.com; frame-ancestors 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-S8RKNcFIyWJRewxbYmSHmw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eeMMinyRkw5vWbKGqvqaDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.typekit.net *.hotjar.com *.audioeye.com *.fontawesome.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.criteo.com *.pinterest.com *.hotjar.com *.audioeye.com andros.easi.chat *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.g.doubleclick.net *.googletagmanager.com *.gstatic.com validate.fishpig.co.uk *.typekit.net *.google.fr *.google-analytics.com *.pinterest.com cdn.wisepops.com tracking.wisepops.com *.hotjar.com secure.adnxs.com *.criteo.com img2.storyblok.com shareasale.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.typekit.net *.youtube.com *.googleapis.com *.crazyegg.com *.hotjar.com *.pinimg.com *.criteo.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net cdn.wisepops.com loader.wisepops.com cdn.cookielaw.org *.audioeye.com *.easiware.fr *.easiwebforms.net *.easiconnect.io *.dwin1.com s.skimresources.com easiconnect-io-s3-prod-cachebucket-jgz0hjxjivav.s3.eu-west-1.amazonaws.com andros.easi.chat *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io js.mollie.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.hotjar.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.doubleclick.net *.g.doubleclick.net *.google.fr *.googletagmanager.com *.analytics.google.com *.pinterest.com bam.nr-data.net gov-bam.nr-data.net activity.wisepops.com popup.wisepops.com tracking.wisepops.com cdn.cookielaw.org *.hotjar.com *.hotjar.io *.audioeye.com *.easiware.fr *.easiwebforms.net *.easiconnect.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com autocomplete2.postdirekt.de *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-15_nSd_rp_k5dq1xMANM9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--Tst28aMXIpGk4-IBY0rTA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Kbcuc2i6v4Q4SFD2TbzEpQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-rTsWenTFNX9B5ikA94gYHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'strict-dynamic' https://myfavoritequiltstore.com https://www.clarity.ms *.clarity.ms https://static-tracking.klaviyo.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://googleads.g.doubleclick.net https://connect.facebook.net https://sc-static.net https://static.klaviyo.com https://www.redditstatic.com https://analytics.twitter.com https://static.ads-twitter.com https://bat.bing.com https://s.pinimg.com https://analytics.tiktok.com https://www.googleadservices.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://apis.google.com https://dev.visualwebsiteoptimizer.com https://www.gstatic.com https://www.google.com https://assets.gorgias.chat https://config.gorgias.chat https://js.smile.io https://polyfill.io https://shopify-gtm-suite.getelevar.com https://www.googleoptimize.com https://api.getemails.com 'sha256-oafQL/+rENnojosA/XKcZ29LdGUyZUYnxLDmeg6qeTM=' 'sha256-YTWugyxLMwaGvKFv4VtjsYWq24gIWht2ZRa8pdlgbnk='; style-src 'report-sample' 'self' 'unsafe-inline' https://static.klaviyo.com https://fonts.googleapis.com https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://insights.algolia.io https://gwywm8uj54.algolia.net https://bat.bing.com https://*.clarity.ms https://stats.g.doubleclick.net https://www.facebook.com https://apis.google.com https://www.google-analytics.com wss://*.gorgias.chat https://*.gorgias.chat https://*.klaviyo.com https://myfavoritequiltstore.com https://*.myfavoritequiltstore.com https://ct.pinterest.com https://*.smile.io https://tr.snapchat.com https://api.segment.io https://o1146830.ingest.sentry.io https://analytics.tiktok.com https://analytics.twitter.com https://dev.visualwebsiteoptimizer.com; font-src 'self' https://assets.gorgias.chat https://js.smile.io https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://accounts.google.com https://www.google.com https://tr.snapchat.com https://tr6.snapchat.com https://www.facebook.com https://analytics.tiktok.com https://ct.pinterest.com https://a.klaviyo.com https://fast.a.klaviyo.com https://static-forms.klaviyo.com https://d.clarity.ms https://bid.g.doubleclick.net; frame-ancestors 'self' https://www.youtube.com; img-src 'self' https://analytics.tiktok.com https://c.bing.com *.clarity.ms https://ct.pinterest.com https://www.google.com https://www.facebook.com https://t.co https://bat.bing.com https://alb.reddit.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.shopify.com https://fonts.gstatic.com https://csi.gstatic.com https://cdn.sweettooth.io https://*.myfavoritequiltstore.com https://dev.visualwebsiteoptimizer.com data: https://i.ytimg.com https://googleads.g.doubleclick.net https://analytics.twitter.com; manifest-src 'self'; media-src 'self' https://www.youtube.com https://cdn.shopify.com https://assets.gorgias.chat; report-uri /api/csp-violation-report/; worker-src 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-442O5h_jWhMHx3qqhwE9EA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.fontawesome.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.youtube.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.buckaroo.nl *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.run2day.nl *.google.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.avada.io *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com chimpstatic.com *.googleoptimize.com *.ecookie.nl https://ecookie.nl *.hotjar.com *.livechatinc.com *.shoppingminds.com *.omappapi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.sooqr.com *.spotlersearch.com unsafe-inline assets.braintreegateway.com *.omappapi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://cognito-identity.eu-central-1.amazonaws.com *.omappapi.com *.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://biggreensmile.report-uri.io/r/default/csp/reportOnly 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net www.searchanise.com *.searchserverapi.com *.stripe.com *.google.com *.sagepay.com *.fontawesome.com www.factory-direct-flooring.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.stripe.com *.google.com *.sagepay.com *.facebook.com *.arcot.com *.securesuite.co.uk *.mycardsecure.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.wlp-acs.com * www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; frame-ancestors *.facebook.net www.factory-direct-flooring.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.searchanise.com *.searchserverapi.com *.twitter.com *.stripe.com *.sagepay.com *.hotjar.com *.facebook.com *.addthis.com *.arcot.com *.securesuite.co.uk *.pinterest.com *.mycardsecure.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.facebook.net *.bing.com *.pinterest.com *.google.co.uk *.limely.co.uk *.gravatar.com *.googletagmanager.com *.postcodeanywhere.co.uk *.addthis.com *.factory-direct-flooring.co.uk *.carpetworlduk.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.factory-direct-flooring.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.stripe.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cardinalcommerce.com *.googletagmanager.com *.facebook.net apis.google.com cdn.livechatinc.com *.hotjar.com *.bing.com *.pinimg.com *.pcapredict.com *.postcodeanywhere.co.uk *.pinterest.com *.addthis.com *.addthisedge.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.stripe.com *.google.com downloads.mailchimp.com *.sagepay.com https://static.klaviyo.com *.googleapis.com *.postcodeanywhere.co.uk *.gstatic.com *.fontawesome.com assets.braintreegateway.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io api.amplitude.com stats.g.doubleclick.net *.stripe.com *.sagepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.cardinalcommerce.com *.googleapis.com *.pinterest.com *.hotjar.com wss://*.hotjar.com wss://*.hotjar.com/ *.hotjar.io *.postcodeanywhere.co.uk *.facebook.com *.doubleclick.net *.bing.com *.addthis.com *.reviews.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.factory-direct-flooring.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.factory-direct-flooring.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://factorydirectflooring.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.mtp.pl *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.seatsio.net secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.google.pl *.google.de *.googleapis.com *.bing.com *.clarity.ms static.payu.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.mtp.pl analytics.tiktok.com *.googleapis.com *.clarity.ms secure.payu.com secure.snd.payu.com s7.addthis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.mtp.pl *.seatsio.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.g.doubleclick.net analytics.tiktok.com *.googleapis.com *.clarity.ms secure.payu.com merch-prod.snd.payu.com ekr.zdassets.com/ t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=1l38Q0wlNg5wMvVQlBBBzwvbJnUmi54nrD60.GkqI00-1721956180-1.0.1.1-SkAKY4l9DT6JW21WNx.N2qza0o2HX0ZADcY6Fc2Uk0DQO1oHhBveOn_7l4rYJ3rlUdX85Ncj1oWKFAtgIBm2niEJmimQguJgHWWuQYc6n9wAWwFEVTpfqPnLKX4OFViJ08F15ObTjGNf8zKH6YRTUARgPzLY9jjDxNcf2_yxqF_UwDF6.9L2GDI.QdF.eCVGRZzkCssWIGGZzLWP.YLUuA; report-to cf-tgrmxxgxquihgzbu 1
object-src 'none';base-uri 'self';script-src 'nonce-rd_8f9e2h5j6zg0dCHWgmQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'self' 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.demdex.net *.hubspot.com wave-utility-stage.azurewebsites.net/ wave-utility.azurewebsites.net/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.newrelic.com *.nr-data.net *.google.com *.linkedin.com *.salsify.com *.hubspot.com *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net cdn.ampproject.org raw.githubusercontent.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.newrelic.com *.nr-data.net unpkg.com *.unpkg.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.salsify.com *.hubspot.com *.hsforms.com *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.licdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.newrelic.com *.nr-data.net *.google.com *.salsify.com *.hubspot.com *.hsforms.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.newrelic.com *.nr-data.net unpkg.com *.unpkg.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.salsify.com *.linkedin.com *.hubspot.com *.hsforms.com *.hubapi.com *.hscollectedforms.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-rIezubEy2hsrq-FxdMfAvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ https://www.youtube.com sibautomation.com secure.pay1.de ekr.zdassets.com static.zdassets.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com static.addtoany.com *.reviews.io *.reviews.co.uk *.klarna.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.magezon.com scontent.cdninstagram.com googleads.g.doubleclick.net v2assets.zopim.io static.zdassets.com *.google.at *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://cdn.plyr.io maps.gstatic.com maps.googleapis.com cdn.rawgit.com/googlemaps/ cdn.jsdelivr.net/gh/googlemaps/ *.cloudfront.net *.reviews.io *.reviews.co.uk *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.google.com/ cookiehub.net sibautomation.com secure.pay1.de ekr.zdassets.com sibforms.com static.zdassets.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com static.addtoany.com jquery.sellxed.com maps.googleapis.com *.reviews.io *.reviews.co.uk *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com ekr.zdassets.com static.zdassets.com * sibforms.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.klarnacdn.net *.addtoany.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org graph.instagram.com googleads.g.doubleclick.net consent.cookiehub.net in-automate.sendinblue.com wss://widget-mediator.zopim.com ekr.zdassets.com skinfit.zendesk.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com maps.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-FX7T7PsQbeEVl5xjXQMwuA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com secure-gateway.hipay-tpp.com *.hipay.com *.weltpixel.com https://thinglink.com/ https://app.usercentrics.eu/ www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com/ https://integrations.etrusted.com/ https://app.usercentrics.eu/ *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com/ https://integrations.etrusted.com/ https://cdn.thinglink.me/ https://app.usercentrics.eu/ https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.hipay.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://integrations.etrusted.com/ tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.googleapis.com *.hipay.com wss://mpsnare.iesnare.com https://integrations.etrusted.com/ https://app.usercentrics.eu/ https://api.usercentrics.eu/ *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-pv4tSj4SSb_5qntozRuLlw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-J-YlRoSeZsR53TSOlgFihQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.amazonaws.com *.fontplus.jp data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com *.fontplus.jp 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.fontplus.jp 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.demdex.net/ *.youtube.com/ *.fontplus.jp *.googletagmanager.com *.fontplus.js/* static.addtoany.com td.doubleclick.net ct.pinterest.com fledge.teads.tv p.teads.tv *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net/ dpm.demdex.net *.everesttech.net/ *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.tasaki.inc/ www.google.com www.google.co.jp ct.pinterest.com t.teads.tv cm.teads.tv b99.yahoo.co.jp t.co analytics.twitter.com tr.line.me www.facebook.com i.smartnews-ads.com i6.smartnews-ads.com www.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.googletagmanager.com https://polyfill-fastly.io *.avada.io *.meetanshi.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.fontplus.jp static.addtoany.com googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com p.teads.tv s.yimg.jp b99.yahoo.co.jp www.clarity.ms static.ads-twitter.com d.line-scdn.net connect.facebook.net taj1.ebis.ne.jp rec.ebis.ne.jp cdn.smartnews-ads.com p01.mul-pay.jp pt01.mul-pay.jp static.mul-pay.jp stg.static.mul-pay.jp 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de madefor.github.io https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com maps.googleapis.com static.addtoany.com *.fontplus.jp adservice.google.com www.google.com analytics.google.com ct.pinterest.com cm.teads.tv t.teads.tv am.yahoo.co.jp www.clarity.ms *.clarity.ms c.bing.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-MOYtdtOzfNw_FgWtPAsAyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.googleapis.com fonts.gstatic.com data: *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.wistia.net *.wistia.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com tracking.monsido.com *.wistia.net *.wistia.com *.hsforms.net *.hsforms.com https://img.youtube.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ unpkg.com *.sketchfab.com s7.addthis.com app-script.monsido.com *.wistia.net *.wistia.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.wistia.net *.wistia.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.wistia.net *.wistia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.wistia.net *.wistia.com 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-e8qvYHCDoPPHEJml0HhP1Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wT9Jwc4XbIlmlwX6ritEeQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob:; font-src fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.sharethis.com secure-gateway.hipay-tpp.com stage-secure-gateway.hipay-tpp.com *.hipay.com *.paypal.com https://widget.trustpilot.com csxd.{crossdomain} www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.sharethis.com *.contentsquare.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://maps.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.sharethis.com secure-gateway.hipay-tpp.com stage-secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com cdn.jsdelivr.net https://www.googletagmanager.com https://widget.trustpilot.com 'unsafe-inline' t.contentsquare.net app.contentsquare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sharethis.com *.hipay.com cdn.jsdelivr.net fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.sharethis.com secure-gateway.hipay-tpp.com stage-secure-gateway.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.getalma.eu *.contentsquare.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src blob: http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-wjQ3UI6AwDRUNm9jsKiuCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EqohxqISCFhx19PUl0FaoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3Wt-JNCW7gCwStty1MWAgw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bannerflow.net *.lampenwelt.de *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://cdn.consentmanager.net https://delivery.consentmanager.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com challenges.cloudflare.com https://www.recaptcha.net/recaptcha/ *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.adyen.com *.brsrvr.com *.bloomreach.cloud https://cdn.consentmanager.net https://delivery.consentmanager.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu lw-cdn.com *.adingo.jp *.adnxs.com *.aralego.com *.bing.com *.bidswitch.net *.bluekai.com *.casalemedia.com *.clmbtech.com *.contentsquare.net *.consentmanager.net *.criteo.com *.dable.io *.doubleclick.net *.google.com *.googleapis.com *.lampenwelt.de *.linkedin.com *.media.net *.outbrain.com *.pubmatic.com *.rlcdn.com *.roeyecdn.com *.rubiconproject.com *.smaato.net *.smartadserver.com *.socdm.com *.stickyadstv.com *.taboola.com *.teads.tv *.unrulymedia.com *.yahoo.com *.yieldmo.com *.1rx.io *.3lift.com *.360yield.com *.storyblok.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com collector.sst.lampegiganten.no data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.brcdn.com https://cdn.consentmanager.net https://delivery.consentmanager.net secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io challenges.cloudflare.com https://www.recaptcha.net/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.aticdn.net *.bing.com *.criteo.com *.contentsquare.net https://delivery *.doubleclick.net *.dwin1.com *.facebook.net *.hello-charles.com *.kk-resources.com *.lampenwelt.de *.licdn.com *.pinimg.com *.pinterest.com *.roeyecdn.com *.salesforceliveagent.com *.scarabresearch.com *.force.com *.tiktok.com *.kameleoon.eu https://js-agent.newrelic.com *.storyblok.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.trustpilot.com collector.sst.lampegiganten.no 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com d.ratepay.com d.payla.io dr.payla.io *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.force.com *.storyblok.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.dxpapi.com https://cdn.consentmanager.net https://delivery.consentmanager.net payments.amazon.de d.ratepay.com jsctool.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.contentsquare.net *.criteo.com *.doubleclick.net *.googleadservices.com *.hello-charles.com *.lampenwelt.de *.linkedin.com *.pa-cd.com *.pinterest.com *.tiktok.com *.wepowerconnections.com *.xiti.com *.kameleoon.io https://bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.trustpilot.com collector.sst.lampegiganten.no 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-collector.magento.lampenwelt.tech; report-to report-endpoint; 1
font-src *.gstatic.com *.typekit.net *.salesfire.co.uk *.klarnacdn.net fonts.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.salesfire.co.uk *.trustpilot.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://cdn.clerk.io https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net *.salesfire.co.uk *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://api.clerk.io https://cdn.clerk.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com player.vimeo.com *.salesfire.co.uk *.trustpilot.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.googleapis.com *.typekit.net *.salesfire.co.uk fonts.googleapis.com *.trustpilot.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.salesfire.co.uk *.smartmetrics.co.uk *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.myedools.com *.twitter.com *.facebook.com www.facebook.com *.bb.com.br *.google.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.cptec.inpe.br *.uol.com.br *.google.com *.doubleclick.net *.facebook.com www.facebook.com *.brasilseg.com.br *.googletagmanager.com *.directtalk.com.br widgets.aebroadcast.com.br devbrasilseg.espressolw.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' blob: data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu urldefense.com *.facebook.com *.doubleclick.net *.tailtarget.com *.linkedin.com *.adsymptotic.com *.facebook.net www.google.com.br *.yahoo.com *.swagger.io *.broto.com.br d3wo5wojvuv7l.cloudfront.net tr.outbrain.com blob: *.google.com edools-3-production.s3.amazonaws.com assets.datagro.com *.clarity.ms *.bing.com https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com bbseg-hml-router4me-webchat-broto-bundle.s3.amazonaws.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.net *.yimg.com *.jsuol.com.br *.yahoo.com *.uol.com.br *.licdn.com *.directtalk.com.br *.hotjar.com brasilseg.espressolw.com amplify.outbrain.com www.clarity.ms tr.outbrain.com appleid.cdn-apple.com www.googletagservices.com/tag/js/gpt.js securepubads.g.doubleclick.net https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com bbseg-hml-router4me-webchat-broto-bundle.s3.amazonaws.com/webchat.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.myedools.com *.cloudflare.com *.twitter.com *.twimg.com *.yimg.com *.google-analytics.com *.doubleclick.net viacep.com.br *.uol.com.br f.clarity.ms cdn.linkedin.oribi.io www.facebook.com *.bb.com.br wss://bbseg-hml.router4me.com h.clarity.ms n.clarity.ms i.clarity.ms bbseg-hml.router4me.com px.ads.linkedin.com/wa/ *.googleadservices.com *.googletagmanager.com *.sandbox.paypal.com *.paypalobjects.com k.clarity.ms/collect wss://ws.hotjar.com content.hotjar.io g.clarity.ms/collect https://viacep.com.br 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.officeeasy.fr www.officeeasy.be www.officeeasy.nl www.officeeasy.es 'self'; frame-src bid.g.doubleclick.net www.googletagmanager.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.youtube.net td.doubleclick.net *.criteo.com www.officeeasy.fr accounts.google.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com cdn.doofinder.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net www.google.fr *.getclicky.com tracker.beezup.com *.bing.com c.clarity.ms www.facebook.com px.ads.linkedin.com *.jivosite.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ magento-recs-sdk.adobe.net *.magento-datasolutions.com *.magento-ds.com cdn.doofinder.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.googleadservices.com *.g.doubleclick.net *.gstatic.com *.getclicky.com clicky.com *.criteo.com s.kk-resources.com tracker.beezup.com secure-gateway.hipay-tpp.com libs.hipay.com mpsnare.iesnare.com www.clickcease.com bat.bing.com www.clarity.ms cdn.subscribers.com connect.facebook.net snap.licdn.com accounts.google.com *.jivosite.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.doofinder.com *.getclicky.com accounts.google.com *.jivosite.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.jivosite.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com api.magento.com *.adobe.io performance.typekit.net *.snplow.net commerce.adobedc.net *.bolt.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.doofinder.com wss://*.doofinder.com maps.googleapis.com *.googleadservices.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.fr *.google.com pagead2.googlesyndication.com *.getclicky.com cdn.subscribers.com px.ads.linkedin.com *.jivosite.com wss://chat-eu1-2.jivosite.com wss://vi-ya4.jivosite.com wss://vi-ya-4.jivosite.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bat.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://*.healthroundprince.com https://cdn.privacy-mgmt.com https://cdn.ablyft.com; frame-ancestors 'none'; report-uri https://oapi.oskar.de/api/v3/tenant/1/language/1/shared/log/csp-violation; 1
object-src 'none';base-uri 'self';script-src 'nonce-dUFb56uFU-mvfyMgxl48hA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'Strict-Transport-Security:max-age=31536000' 'X-Content-Type-Optoins:nosniff' 'unsafe-inline' 'unsafe-eval' https://gsx-co-jp.s3.ap-northeast-1.amazonaws.com https://ajax.googleapis.com https://b97.yahoo.co.jp https://cdn.microad.jp https://releases.jquery.com http://aca-3pas.admatrix.jp https://programmablesearchengine.google.com/about http://dmp.im-apps.net https://fonts.googleapis.com http://lib-3pas.admatrix.jp http://s.yimg.jp https://ossl.google-analytics.com https://universe.send.microad.jp https://google.co.jp https://googleadservices.com https://www.googletagmanager.com https://marketingplatform.google.com/about/analytics https://www.google.com https://www.googleadservices.com https://googletagmanager.com http://fonts.gstatic.com https://developers.google.com/speed/libraries https://developers.google.com/maps http://maps.gstatic.com http://4.eir-parts.net https://fonts.adobe.com https://3ssl.google-analytics.com https://fonts.gstatic.com https://marketingplatform.google.com/about/enterprise https://code.jquery.com/jquery-1.11.1.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js https://cse.google.com/cse.js https://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://cse.google.com/adsense/search/async-ads.js https://googleads.g.doubleclick.net http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js https://ssl4.eir-parts.net/Custom/demo/v5parts/4417/jp/20211117/core/eir_common.js https://ssl4.eir-parts.net https://b99.yahoo.co.jp https://am.yahoo.co.jp https://connect.facebook.net https://maps.googleapis.com https://cdn.jsdelivr.net https://code.jquery.com/jquery-3.7.1.min.js https://go.gsx.co.jp https://pi.pardot.com https://clients1.google.com https://cse.google.com https://irpocket.com https://xml.irpocket.com https://code.highcharts.com https://b98.yahoo.co.jp/pagead/conversion_async.js https://sp-trk.com https://www.clarity.ms/s/0.7.24/clarity.js https://www.gsx.co.jp/ir/assets/js/jquery-3.1.1.min.js https://www.gsx.co.jp/ir/assets/js/ir-header.js https://www.gsx.co.jp/ir/assets/js/ir-site.js https://www.clarity.ms; report-uri /api/csp/report; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.canadapost.ca https://sso.epost.ca *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.authorize.net www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ mageside.com *.canadapost.ca *.canadapost-postescanada.ca *.googleapis.com *.gstatic.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com *.google.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.authorize.net sandbox-assets.secure.checkout.visa.com maps.googleapis.com cdn.ampproject.org www.gstatic.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com https://static.klaviyo.com *.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.authorize.net cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: adservice.google.com *.googleapis.com *.gstatic.com www.google.com *.facebook.net polyfill.io *.imgix.net matomo.previfrance.fr *.facebook.com cdnjs.cloudflare.com client.axept.io static.axept.io api.axept.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src maxcdn.bootstrapcdn.com data: https://*.cloudflare.com *.typekit.net *.googleapis.com https://*.authorize.net https://*.cardinalcommerce.com https://*.trustedshops.com https://*.tawk.to https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://embed.productlead.me https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://www.facebook.com/ https://ct.pinterest.com/ https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro 'self' 'unsafe-inline'; frame-ancestors data: 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net js.stripe.com www.google.com https://www.youtube.com https://www.google.com https://www.google.ro https://www.google.bg https://www.facebook.com/ https://*.cardinalcommerce.com https://*.authorize.net https://*.paypal.com https://*.sandbox.paypal.com https://*.hotjar.com https://*.pinterest.com https://*.googlesyndication.com https://googleads.g.doubleclick.net https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://*.tawk.to https://s7.addthis.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com ct.pinterest.com data: https://*.cloudflare.com https://cdn.klarna.com https://www.magecomp.com https://*.paypal.com www.paypalobjects.com https://*.sandbox.paypal.com https://*.g.doubleclick.net https://*.vimeocdn.com https://s.ytimg.com https://*.usercentrics.eu https://*.magentocommerce.com https://www.google.ro https://www.google.com https://*.tawk.to https://cdn.jsdelivr.net https://*.cdninstagram.com  https://*.xx.fbcdn.net www.instagram.com https://instagram.fcnd1-1.fna.fbcdn.net http://seal.alphassl.com/ https://secure.trust-provider.com https://ssl.comodo.com https://feedback.trusted.ro https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://ct.pinterest.com maps.gstatic.com maps.google.com https://*.themarketer.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net https://*.google.com flagpedia.net cdn1.themarketer.com 'self' 'unsafe-inline'; script-src https://*.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net s.ytimg.com video.google.com https://*.vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.stripe.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com www.pinterest.com s.pinimg.com https://*.cloudflare.com https://*.google.com *.gstatic.com https://www.googletagmanager.com https://*.googlesyndication.com maps.googleapis.com https://*.trustedshops.com https://*.usercentrics.eu https://*.cardinalcommerce.com https://*.googleadservices.com https://googleadservices.com https://*.authorize.net https://*.paypalobjects.com https://*.ytimg.com *.braintreegateway.com *.signifyd.com https://connect.facebook.net https://embed.productlead.me https://chimpstatic.com https://*.tawk.to https://*.hotjar.com https://*.getsitecontrol.com https://*.g.doubleclick.net https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net/ http://seal.alphassl.com/ https://secure.trust-provider.com https://cdn.jsdelivr.net https://s.pinimg.com https://*.pinterest.com https://*.paypal.com https://*.sandbox.paypal.com https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://*.themarketer.com https://*.tiktok.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net *.avada.io cdn1.themarketer.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com https://*.cloudflare.com https://*.trustedshops.com https://*.usercentrics.eu https://maxcdn.bootstrapcdn.com https://embed.productlead.me https://*.tawk.to https://cdn.jsdelivr.net https://*.googleapis.com https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://static.xpertbeauty.ro https://*.themarketer.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net *.gstatic.com cdn1.themarketer.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com ct.pinterest.com https://*.cloudflare.com https://*.paypal.com https://*.cardinalcommerce.com www.facebook.com www.google-analytics.com https://*.tawk.to wss://*.tawk.to https://*.productlead.me wss://*.productlead.me www.instagram.com https://instagram.fcnd1-1.fna.fbcdn.net https://stats.g.doubleclick.net https://bam.eu01.nr-data.net https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://ct.pinterest.com https://s7.addthis.com https://api-public.addthis.com https://in.hotjar.com https://vc.hotjar.io maps.googleapis.com https://*.themarketer.com https://*.tiktok.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net www.gstatic.com cdn1.themarketer.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://*.xpertbeauty.ro/; report-to report-endpoint; 1
default-src 'none'; style-src 'self'; img-src 'self'; connect-src 'self'; font-src 'self'; media-src 'self'; report-uri 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; frame-src 'self'; worker-src 'self'; manifest-src 'self'; base-uri 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-v7mt4VmXj9Vn_im_hy--Zg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-MzlKW8ZvRZjQcN9ohqMgiQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' consent-pref.trustarc.com consent.trustarc.com consent-reporting.trustarc.com *.g.doubleclick.net *.greatag.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' fonts.gstatic.com consent.trustarc.com data:; frame-src 'self' consent-pref.trustarc.com *.greatag.com d14qt9b6zkutf5.cloudfront.net *.greatamericaninsurancegroup.com charts.aghost.net www.youtube.com; img-src 'self' consent-pref.trustarc.com consent.trustarc.com consent.truste.com data: *.g.doubleclick.net *.greatag.com img.youtube.com *.dtn.com https://*.googletagmanager.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' consent.trustarc.com *.g.doubleclick.net https://*.googletagmanager.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' *.g.doubleclick.net https://*.googletagmanager.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; report-uri https://greatamericancrop.report-uri.com/r/t/csp/reportOnly https://www.greatag.com/CSPReporting; 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.kameleoon.eu *.hotjar.com *.iadvize.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.kameleoon.eu *.avis-verifies.com *.linkedin.com *.bing.com https://*.google.com *.google.fr *.gstatic.com *.facebook.com *.boutique-dalloz.fr/* *.alzmedia.fr *.link-page.info https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com maps.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.kameleoon.eu *.tiqcdn.com *.linkeo.com *.link-page.info *.licdn.com *.gstatic.com *.hotjar.com *.facebook.net *.bing.com *.avis-verifies.com *.doubleclick.net *.google.com https://*.ggpht.com *.googletagmanager.com *.iadvize.com *.target2sell.com *.alzmedia.fr https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io https://cdnjs.cloudflare.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.alzmedia.fr https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.kameleoon.eu *.iadvize.com *.hotjar.com *.hotjar.io *.googleapis.com/ *.target2sell.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-GyWN6pxkWceTKrnVL2LU-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HZD9VjQ8Y2q5qPsiYr_HWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com https://cdnjs.cloudflare.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.sharethis.com js.stripe.com *.weltpixel.com https://www.google.com https://www.youtube.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.sharethis.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://maps.gstatic.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.facebook.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com https://cdn.polyfill.io cdn.jsdelivr.net js.stripe.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://browser.sentry-cdn.com https://cdnjs.cloudflare.com https://maps.googleapis.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sharethis.com cdn.jsdelivr.net fonts.googleapis.com https://static.klaviyo.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com tagmanager.google.com https://ws.colissimo.fr https://api.mapbox.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.getalma.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.ingest.sentry.io maps.googleapis.com *.google-analytics.com *.facebook.net https://nominatim.openstreetmap.org https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr data: *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.monetico-services.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.instagram.com *.monetico-services.com https://www.youtube.com https://form.typeform.com *.avis-verifies.com *.doublick.net *.criteo.com *.google.com https://plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cdninstagram.com maps.googleapis.com maps.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://www.1083.fr https://www.maxvincent.fr https://www.modetic.com https://preprod.1083.fr https://preprod.maxvincent.fr https://preprod.modetic.com *.avis-verifies.com *.instagram.com https://www.netreviews.eu 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.instagram.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.avis-verifies.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://matomo.1083.fr https://www.googletagmanager.com https://widget.freshworks.com *.clarity.ms *.criteo.com *.axept.io https://cdnjs.cloudflare.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com https://widget.freshworks.com https://cdnjs.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com https://www.1083.fr https://www.maxvincent.fr https://www.modetic.com https://preprod.1083.fr https://preprod.maxvincent.fr https://preprod.modetic.com *.avis-verifies.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.monetico-services.com https://nominatim.openstreetmap.org https://widget.freshworks.com https://matomo.1083.fr https://*.google-analytics.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.avis-verifies.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.google-analytics.com www.2checkout.com connect.facebook.net www.google.com www.gstatic.com *.amazon-adsystem.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: librarika.com covers.librarika.com:8443 storage101.lon3.clouddrive.com *.ssl.cf3.rackcdn.com *.media-amazon.com *.ssl-images-amazon.com *.amazon-adsystem.com *.amazon.com *.gstatic.com *.google-analytics.com *.google.com; font-src 'self' data: fonts.gstatic.com; frame-src *.librarika.com www.2checkout.com *.facebook.com *.google.com *.amazon-adsystem.com *.youtube.com; connect-src 'self' www.google-analytics.com; object-src 'none'; report-uri https://5e5aa7c5f482dc373380fd2db250ce83.report-uri.com/r/d/csp/enforce 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-5fd8d0ffb5c84c14827d4ce71766cd10' https://myaccesshealth.net 'self';img-src https://* 'self' blob: data:;style-src https://myaccesshealth.net 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bannerflow.net *.lampenwelt.de *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://cdn.consentmanager.net https://delivery.consentmanager.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com challenges.cloudflare.com https://www.recaptcha.net/recaptcha/ *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.adyen.com *.brsrvr.com *.bloomreach.cloud https://cdn.consentmanager.net https://delivery.consentmanager.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu lw-cdn.com *.adingo.jp *.adnxs.com *.aralego.com *.bing.com *.bidswitch.net *.bluekai.com *.casalemedia.com *.clmbtech.com *.contentsquare.net *.consentmanager.net *.criteo.com *.dable.io *.doubleclick.net *.google.com *.googleapis.com *.lampenwelt.de *.linkedin.com *.media.net *.outbrain.com *.pubmatic.com *.rlcdn.com *.roeyecdn.com *.rubiconproject.com *.smaato.net *.smartadserver.com *.socdm.com *.stickyadstv.com *.taboola.com *.teads.tv *.unrulymedia.com *.yahoo.com *.yieldmo.com *.1rx.io *.3lift.com *.360yield.com *.mycliplister.com https://mycliplister.com *.storyblok.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com collector.sst.lights.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.brcdn.com https://cdn.consentmanager.net https://delivery.consentmanager.net secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io challenges.cloudflare.com https://www.recaptcha.net/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.aticdn.net *.bing.com *.criteo.com *.contentsquare.net https://delivery *.doubleclick.net *.dwin1.com *.facebook.net *.hello-charles.com *.kk-resources.com *.lampenwelt.de *.licdn.com *.pinimg.com *.pinterest.com *.roeyecdn.com *.salesforceliveagent.com *.scarabresearch.com *.force.com *.tiktok.com https://mycliplister.com *.kameleoon.eu https://js-agent.newrelic.com *.storyblok.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.trustpilot.com collector.sst.lights.ie 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com d.ratepay.com d.payla.io dr.payla.io *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.force.com *.storyblok.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://mycliplister.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.dxpapi.com https://cdn.consentmanager.net https://delivery.consentmanager.net payments.amazon.de d.ratepay.com jsctool.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.contentsquare.net *.criteo.com *.doubleclick.net *.googleadservices.com *.hello-charles.com *.lampenwelt.de *.linkedin.com *.pa-cd.com *.pinterest.com *.tiktok.com *.wepowerconnections.com *.xiti.com https://mycliplister.com *.kameleoon.io https://bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.trustpilot.com collector.sst.lights.ie 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-collector.magento.lampenwelt.tech; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' .clubedomalte.com.br *..clubedomalte.com.br ClubeDoMalte.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com cnt.my retargeter.com.br shopconvert.com.br tawk.to getblue.io hospedagemweb.net hotjar.io hotjar.com adschoom.com cloudflare.com linximpulse.net viptarget.com.br googleadservices.com smarthint.co bing.com ebit.com.br shoptarget.com.br googleapis.com doubleclick.net shopback.net citydsp.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.citydsp.com *.bing.com *.ebit.com.br *.shoptarget.com.br *.doubleclick.net *.shopback.net *.googleapis.com *.adschoom.com *.cloudflare.com *.linximpulse.net *.hotjar.com *.viptarget.com.br *.googleadservices.com *.smarthint.co *.hotjar.io *.getblue.io *.hospedagemweb.net *.tawk.to *.cnt.my *.retargeter.com.br *.shopconvert.com.br wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.picpay.com *.lomadee.com *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.mybeerclass.com.br mybeerclass.com.br *.criteotilt.com *.criteo.net *.criteo.com aprtn.com *.aprtn.com *.g.doubleclick.net *.google.com *.plataformasocial.com.br *.dataroyal.com.br *.acstat.com *.advcakebr.com *.clearsale.com.br app.picpay.com *.googleoptimize.com *.amazonaws.com *.execute-api.sa-east-1.amazonaws.com vfourc5jd2.execute-api.sa-east-1.amazonaws.com dzpxyxks1bfmb.cloudfront.net *.duminio.com *.nacaocervejeira.com.br nacaocervejeira.com.br *.enviou.com.br *.gstatic.com *.google.com.br *.fbits.net *.soclminer.com.br *.btg360.com.br *.socialminer.com *.content-security-policy.com *.l2.io l2.io gstatic.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.com.pe *.netdeal.com.br checkout.clubedomalte.com.br signalrcore.fbits.net *.afilio.com.br wss://signalrcore.fbits.net *.g2afse.com *.analytics.tiktok *.netdeal.com *.cloudfront.net netdeal.com.br *.fontawesome.com *.rtb123.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.tps: tps: *.adnxs.com *.tiktok.com pub-csp.fbits.net google-analytics.com *.viacep.com.br *.clubedomalte.com.br *.localhost:5501 localhost:5501 *.fbitsstatic.net recursos.clubedomalte.com.br *.preciso.net d3u0jcwe5p7qrc.cloudfront.net d2rp1k1dldbai6.cloudfront.net cybba-bucket.s3.amazonaws.com *.cybba.solutions *.cybba.us storage.googleapis.com c.amazon-adsystem.com *.stackadapt.com *.adsrvr.org *.facebook.net *.cybbaview.com *.fbits.store *.adyen.com *.safrapay.com.br *.pagar.me *.mundipagg.com *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com *.pagseguro.com.br *.*.pagseguro.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *..clubedomalte.com.br .clubedomalte.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
default-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://tools.oxygem.it/csp-violation-report-endpoint/index.php 1
object-src 'none';base-uri 'self';script-src 'nonce-h3hkCXbYNgE9ZOifIWQGzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests; base-uri 'self'; form-action 'self'; connect-src 'self' partner.googleadservices.com gjtrack.ucweb.com adservice.google.com csi.gstatic.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net e2i3z8w8.rocketcdn.me; frame-ancestors 'self'; default-src 'self'; worker-src 'self' blob:; child-src 'self'; media-src ssl.gstatic.com blob: data:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'nonce-MzoSFlegAhE2T4X4lM336SGs6PQtKYN9T4fqUaP4x99M' *.google.dk *.google.com.tw *.google.com.kh *.google.si *.google.lv *.google.com.np *.google.dz *.google.al *.google.co.kr *.google.sr *.google.cm *.google.fi *.google.co.nz *.google.hn *.google.co.uz *.google.lt *.google.no *.google.com.ly *.google.ee *.google.so *.google.co.mz *.google.com.mt *.google.co.ls *.google.com.uy *.google.com.ai *.google.gm *.google.hr *.google.co.ve *.google.sk *.google.mv *.google.co.ao *.google.mk *.google.com.cy *.google.hu *.google.se *.google.com.na *.google.com.vc *.google.ch *.google.co.cr *.google.cl *.google.mw *.google.bg *.google.com.om *.google.com.pe *.google.vg *.google.com.ua *.google.it *.google.com.mx *.google.fr *.google.dm *.google.be *.google.co.zw *.google.ps *.google.co.tz *.google.ie *.google.co.ug *.google.com.bh *.google.bs *.google.com.tr www.pagespeed-mod.com *.google.tn *.google.com.kw *.google.com.et *.google.ae *.google.com.bd *.google.rs *.google.co.vi *.google.com.vn *.google.nl *.google.bj *.google.co.bw *.google.co.id *.google.ro *.google.co.il *.google.com.au *.google.es *.google.rw *.google.ru *.google.com.sg *.google.lk *.google.jo *.google.fr *.google.mu *.google.com.co *.google.pt *.google.co.zm *.google.as *.google.tt *.google.com.eg *.google.de *.google.com.sa *.google.com.gh *.google.co.uk *.google.com.br *.google.ca *.google.com.bz *.google.co.za *.google.com.ar *.google.at *.google.com.pk *.google.co.jp *.google.iq *.google.com.lb ssl.google-analytics.com connect.facebook.net www.googletagservices.com tpc.googlesyndication.com partner.googleadservices.com googleads.g.doubleclick.net pagead2.googlesyndication.com e2i3z8w8.rocketcdn.me www.googletagmanager.com www.google-analytics.com js.stripe.com *.google.co.ke *.google.gy *.google.com.ag *.google.com.my *.google.com.hk *.google.com.pr *.google.co.in *.google.com.qa *.google.com.ph *.google.gr www.google.gy *.google.com.jm *.google.com.ng *.google.cz *.google.com *.google.pl 'sha256-bhKEEVOiIxLN/VceGh4agRX1V61Z23Ne+Ib+tYKKdHo=' 'sha256-uEHrNkDYqGM5WlxX2TSTjQZZbMUJ2pmwTB8HDuU+cMc=' 'sha256-3xTn5du4uqQ2xauKGk7dJDOz8SKByuw6wU5bNltzFSI=' 'sha256-DMAZxMwhpDkRzLC7NRsJjgYK/BtvDllbh2Pc5le0yBo=' 'sha256-O6tLTfUkpE6E07mUb0WDCimT81RpI3CbPnm+8v7wJaY='; style-src 'self' 'unsafe-inline' e2i3z8w8.rocketcdn.me fonts.googleapis.com maxcdn.bootstrapcdn.com; font-src 'self' fonts.googleapis.com use.fontawesome.com static3.avast.com e2i3z8w8.rocketcdn.me fonts.gstatic.com maxcdn.bootstrapcdn.com data:; frame-src 'self' cdn.ampproject.org www.google.com.ng js.stripe.com www.google.com googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com; object-src 'self'; report-uri /mycsp.php 1
font-src https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com bid.g.doubleclick.net js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://www.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com app.authorized.by player.vimeo.com js.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com app.authorized.by api.friendlycaptcha.com eu-api.friendlycaptcha.eu *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; report-uri https://9d149a5d-cd44-43a1-b850-cd1f930c5061.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-rV1jTSGv911LMVnBwc3u_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors https://sdccd.instructure.com/ https://sdmiramar.edu http://sdmiramar.edu https://dev.loc http://dev.loc; child-src *; report-uri /report-csp-violation 1
frame-src https://www.facebook.com https://go.nexon.com.au *.google.com; 1
default-src 'self' auspost.net.au *.auspost.net.au cloudflare.com *.cloudflare.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net google-analytics.com *.google-analytics.com google.co.nz *.google.co.nz google.com *.google.com googletagmanager.com *.googletagmanager.com maps.googleapis.com *.maps.googleapis.com paypal.com *.paypal.com paypalobjects.com *.paypalobjects.com rarespares.net.au *.rarespares.net.au youtube.com *.youtube.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=pNOPlyS.tNP.NGyjWNKzawA96w_Ju8uPxr69zJi98zo-1721957813-1.0.1.1-gkblbPixBP34NThc4ZvGmIrS4GZB_PEOEx9eosTCcfAKZp2l_sLcSrvMdsEhn1zWM6IL4_BsYLo8JJTrCcTbatPiGO6wR59Me66bCo0sHa62ZEK.Us_idZfkUyiRR..THS8gzZtMMRDWL4nqGF8tjkYiqRYo_YxBrq6XjTGZ4ncrz9nav0erk.1YCldZwIF_QHCBmyLAS_tPYkkNfyszkg; report-to cf-cjniiynxatiwvqmr 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net *.adyen.com *.trackedlink.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.facebook.com ecomm-cdn.trurating.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ * assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.googletagmanager.com *.facebook.net ecomm-cdn.trurating.com ecommwidget.trurating.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com display.ugc.bazaarvoice.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.snplow.net commerce.adobedc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.adobe.io performance.typekit.net *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google-analytics.com ecommapi.trurating.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src  cdnjs.cloudflare.com   maxcdn.bootstrapcdn.com   cdn.jsdelivr.net  fonts.bunny.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/  td.doubleclick.net/   www.weltpixel.com  www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io  www.google.rs   drs2.veinteractive.com  maps.googleapis.com   www.magmodules.eu   *.stackpathcdn.com  trengo.s3.eu-central-1.amazonaws.com bat.bing.com imgsct.cookiebot.com c.clarity.ms c.bing.com https://static.buckaroo.nl *.faslet.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/  config1.veinteractive.com   rs2.veinteractive.com   cdn.livechatinc.com   api.livechatinc.com   maps.googleapis.com   cdn.widget.trengo.eu   static.widget.trengo.eu   consent.cookiebot.com   www.clarity.ms   bat.bing.com  https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.faslet.net chimpstatic.com downloads.mailchimp.com *.list-manage.com *.plugins.emarsys.net *.scarabresearch.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.bunny.net https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com  *.stackpathcdn.com  static.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com  stats.g.doubleclick.net/j/collect  maps.googleapis.com   api.widget.trengo.eu   googleads.g.doubleclick.net   r.clarity.ms  https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.faslet.net *.scarabresearch.com *.eservice.emarsys.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.facebook.net *.gstatic.com *.typekit.net *.twimg.com *.hotjar.com *.trustedshops.com *.googleapis.com *.magentocommerce.com *.paypal.com *.cardinalcommerce.com *.authorize.net *.fontawesome.com *.trusturk.com *.jivosite.com *.dia.com.tr *.googletagmanager.com *.google-analytics.com *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.doubleclick.net *.mncdn.com *.speedsize.com *.useinsider.com *.licdn.com *.gurgencler.com.tr *.linkedin.com *.yandex.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.google.com *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.googletagmanager.com/ *.twitter.com *.google.com *.gstatic.com *.hotjar.com *.google.com.tr *.veinteractive.com *.demdex.net *.solocpm.com *.facebook.com *.facebook.net *.addthis.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.doubleclick.net *.bluekai.com *.useinsider.com *.trusturk.com *.jivosite.com *.dia.com.tr node-eu1-b-1.jivosite.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.creativecdn.com https://creativecdn.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com wss://chat-eu1-2.jivosite.com *.segmentify.com *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com.tr *.linkedin.com *.googleapis.com *.yandex.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.hotjar.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.doubleclick.net *.google.com *.google.com.tr *.facebook.com *.facebook.net *.demdex.net *.everesttech.net *.googleapis.com *.gstatic.com *.adis.ws *.livechatinc.com *.yandex.ru *.adyen.com *.setrowid.com *.setrow.com *.instagram.com *.useinsider.com *.googletagmanager.com *.mobilexpress.com.tr *.trusturk.com *.jivosite.com *.dia.com.tr *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com.tr *.linkedin.com *.yandex.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.magentocommerce.com *.paypal.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.instana.io *.google.com *.google.com.tr *.googletagmanager.com *.veinteractive.com *.facebook.net *.supert.ag *.setrowid.com *.mainadv.com *.doubleclick.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.jsdelivr.net *.setrow.com *.instagram.com *.criteo.com *.criteo.net *.ciritizr.com *.bkrtx.com *.cloudfront.net *.useinsider.com *.critizr.com *.behance.net *.swagger.io *.mobilexpress.com.tr *.trusturk.com *.dia.com.tr *.jivosite.com *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com.tr *.linkedin.com *.yandex.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.facebook.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.magentocommerce.com *.fontawesome.com *.paypal.com *.paypalobjects.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.setrowid.com *.setrow.com *.critizr.com *.useinsider.com *.adobedtm.com *.google-analytics.com *.googletagmanager.com *.swagger.io *.jivosite.com *.dia.com.tr *.trusturk.net *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.doubleclick.net *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com.tr *.linkedin.com *.yandex.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.trusturk.com *.jivosite.com *.dia.com.tr node-eu1-b-1.jivosite.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.doubleclick.net *.mncdn.com *.speedsize.com *.useinsider.com *.licdn.com *.gurgencler.com.tr *.linkedin.com *.googleapis.com *.yandex.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.google-analytics.com *.doubleclick.net *.twitter.com *.facebook.com *.facebook.net *.paypal.com *.paypalobjects.com *.hotjar.com *.hotjar.io *.twimg.com *.magentocommerce.com *.cardinalcommerce.com *.cardinalcommerce.net *.veinteractive.com *.demdex.net *.yandex.ru *.vimeo.com *.setrowid.com *.setrow.com *.useinsider.com *.adobedtm.com *.swagger.io *.trusturk.com *.jivosite.com *.dia.com.tr *.googletagmanager.com *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com.tr *.linkedin.com *.googleapis.com *.yandex.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce--0W8NxrbbPJKVqbelYFEjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com maxcdn.bootstrapcdn.com *.cdninstagram.com *.amazonaws.com *.data-dynamic.net *.blob.core.windows.net *.jameslane.com.au *.azurewebsites.net *.azureedge.net *.servicebus.windows.net *.zdassets.com *.typekit.net *.zopim.com *.facebook.com *.facebook.net *.google.com *.zipmoney.com.au *.paypalobjects.com widget-mediator.zopim.com *.hotjar.com *.srv.stackadapt.com *.latitudefinancial.com *.latitudepayapps.com *.lfscnp.com *.paypal.com *.zendesk.com *.tiktok.com cdnjs.cloudflare.com zip.co *.edge.zip.co *.afterpay.com *.google.com.ua *.cloudfront.net *.preezie.com *.pinterest.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co browser-http-intake.logs.datadoghq.com static.zip.co jameslane-au.attn.tv events.attentivemobile.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cloudinary.com *.cloudinary.com *.nosto.com *.nos.to *.yotpo.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co images.latitudepayapps.com browser-http-intake.logs.datadoghq.com static.zip.co jameslane-au.attn.tv events.attentivemobile.com *.facebook.com facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.nosto.com *.nos.to www.xtento.com *.yotpo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://secure.tillpayments.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com *.zipmoney.com.au *.edge.zip.co *.afterpay.com *.google.com.ua *.cloudfront.net *.preezie.com *.pinterest.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co images.latitudepayapps.com browser-http-intake.logs.datadoghq.com static.zip.co jameslane-au.attn.tv events.attentivemobile.com *.facebook.com facebook.com *.paypalobjects.com paypalobjects.com *.kaptcha.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ cloudinary.com *.cloudinary.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to www.xtento.com cdn.xtento.com *.yotpo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com t.zip.co static.zipmoney.com.au *.cdninstagram.com *.amazonaws.com *.data-dynamic.net *.blob.core.windows.net *.jameslane.com.au *.googleapis.com *.gstatic.com *.azurewebsites.net *.azureedge.net *.servicebus.windows.net *.zdassets.com *.typekit.net *.zopim.com *.facebook.com *.facebook.net *.google.com *.zipmoney.com.au *.paypalobjects.com widget-mediator.zopim.com *.hotjar.com *.srv.stackadapt.com *.latitudefinancial.com *.latitudepayapps.com *.lfscnp.com *.zendesk.com *.tiktok.com cdnjs.cloudflare.com zip.co *.edge.zip.co *.afterpay.com *.google.com.ua *.cloudfront.net *.preezie.com *.pinterest.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co images.latitudepayapps.com browser-http-intake.logs.datadoghq.com static.zip.co jameslane-au.attn.tv events.attentivemobile.com *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.youtube.com *.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to https://widget-cdn.preezie.com https://cdn.attn.tv https://client.prod.mplat-ppcprotect.com www.xtento.com cdn.xtento.com *.yotpo.com cdn.lr-ingest.io https://cdn.jsdelivr.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://gateway.tillpayments.com https://test-gateway.tillpayments.com https://secure.tillpayments.com static.zipmoney.com.au zip.co js-agent.newrelic.com bam.nr-data.net trx-cdn.zip.co static.zip.co api.instagram.com googleads.g.doubleclick.net *.instagram.com *.barilliance.com *.barilliance.net *.googleapis.com *.azureedge.net *.servicebus.windows.net *.zdassets.com *.zopim.com *.facebook.net *.rakuten.com *.pinimg.com cdnapisec.kaltura.com preezie.io *.preezie.io paypal.com clarity.ms *.clarity.ms mplat-ppcprotect.com *.mplat-ppcprotect.com lr-ingest.io *.lr-ingest.io pinterest.com *.pinterest.com widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com *.latitudefinancial.com *.latitudepayapps.com *.lfscnp.com *.zendesk.com *.tiktok.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co images.latitudepayapps.com browser-http-intake.logs.datadoghq.com jameslane-au.attn.tv events.attentivemobile.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cloudinary.com *.cloudinary.com https://static.klaviyo.com *.nosto.com *.nos.to *.yotpo.com *.googleapis.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cdninstagram.com *.amazonaws.com *.data-dynamic.net *.blob.core.windows.net *.jameslane.com.au *.gstatic.com *.azurewebsites.net *.azureedge.net *.servicebus.windows.net *.zdassets.com *.typekit.net *.zopim.com *.facebook.com *.facebook.net *.google.com *.zipmoney.com.au *.paypalobjects.com widget-mediator.zopim.com *.hotjar.com *.srv.stackadapt.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co images.latitudepayapps.com browser-http-intake.logs.datadoghq.com static.zip.co jameslane-au.attn.tv events.attentivemobile.com static-tracking.klaviyo.com 'self' 'unsafe-inline'; object-src widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co images.latitudepayapps.com browser-http-intake.logs.datadoghq.com static.zip.co jameslane-au.attn.tv events.attentivemobile.com 'self' 'unsafe-inline'; media-src cloudinary.com *.cloudinary.com *.cdninstagram.com *.amazonaws.com *.data-dynamic.net *.blob.core.windows.net *.jameslane.com.au *.googleapis.com *.gstatic.com *.azurewebsites.net *.azureedge.net *.servicebus.windows.net *.zdassets.com *.typekit.net *.zopim.com *.facebook.com *.facebook.net *.google.com *.zipmoney.com.au *.paypalobjects.com widget-mediator.zopim.com *.hotjar.com *.srv.stackadapt.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co images.latitudepayapps.com browser-http-intake.logs.datadoghq.com static.zip.co jameslane-au.attn.tv events.attentivemobile.com 'self' 'unsafe-inline'; manifest-src widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co images.latitudepayapps.com browser-http-intake.logs.datadoghq.com static.zip.co jameslane-au.attn.tv events.attentivemobile.com 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io cloudinary.com *.cloudinary.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.yotpo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://gateway.tillpayments.com https://test-gateway.tillpayments.com wss://widget-mediator.zopim.com bam.nr-data.net trx.sandbox.zip.co api.instagram.com stats.g.doubleclick.net analytics.google.com *.instagram.com *.barilliance.com *.barilliance.net *.googleapis.com *.gstatic.com *.azurewebsites.net *.azureedge.net *.servicebus.windows.net *.zdassets.com *.zendesk.com *.zopim.com *.amplitude.com *.hotjar.io trx.zip.co preezie.io *.preezie.io paypal.com clarity.ms *.clarity.ms mplat-ppcprotect.com *.mplat-ppcprotect.com lr-ingest.io *.lr-ingest.io widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com *.latitudefinancial.com *.latitudepayapps.com *.lfscnp.com *.tiktok.com cdnjs.cloudflare.com zip.co *.zipmoney.com.au *.edge.zip.co *.afterpay.com *.google.com.ua *.cloudfront.net *.preezie.com *.pinterest.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co images.latitudepayapps.com browser-http-intake.logs.datadoghq.com static.zip.co jameslane-au.attn.tv events.attentivemobile.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co images.latitudepayapps.com browser-http-intake.logs.datadoghq.com static.zip.co jameslane-au.attn.tv events.attentivemobile.com http: https: blob: 'self' 'unsafe-inline'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co images.latitudepayapps.com browser-http-intake.logs.datadoghq.com static.zip.co jameslane-au.attn.tv events.attentivemobile.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com mcprod.jameslane.com.au tag.lexer.io tag.rmp.rakuten.com ui-widgets.preezie.io api-widgets.preezie.io track.lexer.io consent.linksynergy.com bpi.zip.co images.latitudepayapps.com browser-http-intake.logs.datadoghq.com static.zip.co jameslane-au.attn.tv events.attentivemobile.com 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.cloudflare.com sdkm.gwbq.fr *.twitter.com *.gstatic.com *.typekit.net https://fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.adyen.com *.twitter.com *.google.com *.pinterest.com *.addthis.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net *.snapwidget.com static.addtoany.com gum.criteo.com lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.adyen.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com sdkm.gwbq.fr *.gstatic.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.paypal.com *.twitter.com *.google.com *.google.fr *.instagram.com *.facebook.com *.facebook.net media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net axeptio.imgix.net lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro * https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.adyen.com cdn.ampproject.org raw.githubusercontent.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com sdkm.gwbq.fr *.twitter.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.fr *.gstatic.com *.trustedshops.com *.fontawesome.com static.addtoany.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com *.googleapis.com *.facebook.com *.facebook.net graph.instagram.com widgets.pinterest.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net *.axept.io lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro gum.criteo.com * *.moatads.com *.pinterest.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.cloudflare.com sdkm.gwbq.fr *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro *.addtoany.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com *.adyen.com cdn.ampproject.org *.cloudflare.com sdkm.gwbq.fr *.gstatic.com *.pinterest.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.paypal.com *.twitter.com *.google.com *.google.fr *.instagram.com *.doubleclick.net media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net *.axept.io lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro gum.criteo.com static.addtoany.com *.facebook.com *.facebook.net http://dpm.demdex.net *.addthis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://*.gstatic.com *.gstatic.com *.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.googleapis.com *.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com fonts.googleapis.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sc-static.net *.snapchat.com/ *.tiktok.com *.facebook.net/ https://plumrocket.com https://accounts.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.unbxdapi.com *.googleadservices.com/ *.facebook.net *.facebook.com *.google.hr *.tiktok.com *.snapchat.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com *.unbxdapi.com  *.cloudflare.com  https://sc-static.net *.snapchat.com  *.analytics.tiktok.com *.tiktok.com *.facebook.net/ *.cloudfront.net *.googleapis.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.b-cdn.net *.unbxdapi.com *.cloudflare.com *.tiktok.com *.facebook.net https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.googleapis.com *.unbxd.io *.tiktok.com *.snapchat.com *.google.com *.facebook.net *.g.doubleclick.ne https://accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com *.openstreetmap.org https://maps.googleapis.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net https://player.vimeo.com https://www.youtube.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.google-analytics.com *.openstreetmap.org https://maps.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.onetrust.com cdn.segment.com cdn.cookielaw.org cdn.jsdelivr.net static.addtoany.com *.facebook.com get.geojs.io www.googletagmanager.com netdna.bootstrapcdn.com *.facebook.net cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src data: https://static.payzen.eu/static/ *.fontawesome.com https://widgets.trustedshops.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.sandbox.paypal.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ js.mollie.com https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ www.google.com https://www.googletagmanager.com/ app-wallee.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.usercentrics.eu *.google.com/ads/ *.google.pl/ads/ https://www.mollie.com https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ *.klarna.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.salesmanago.pl app-wallee.com *.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.pinimg.com *.usercentrics.eu js.mollie.com https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.google.com www.gstatic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://www.salesmanago.pl app-wallee.com *.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.payzen.eu/static/ *.fontawesome.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.usercentrics.eu *.google-analytics.com *.doubleclick.net https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ *.trustedshops.com *.etrusted.com https://integrations.etrusted.site http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ salesmanago.pl salesmanago.es salesmanago.com https://www.salesmanago.pl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-J3b1V9ZTIko7K_8awWz9JQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Sh0GZye5tua44kix76G8CQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.googleapis.com fonts.gstatic.com static.klaviyo.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.devdomain.io *.sessioncam.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdnjs.cloudflare.com services.postcodeanywhere.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://meetanshi.com/media/logo.png *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.feefo.com *.gstatic.com 'self' data: *.bakerdays.com *.bing.com *.t.co *.sessioncam.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.pcapredict.com services.postcodeanywhere.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com https://chimpstatic.com *.feefo.com *.pinimg.com *.ads-twitter.com *.twitter.com *.cloudfront.net *.sessioncam.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com services.postcodeanywhere.co.uk https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com services.postcodeanywhere.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.doubleclick.net *.feefo.com https://www.google-analytics.com *.sessioncam.com www.googleapis.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-PadPcR2QSx5BL7xTaq8r9A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-X9E1QGaN-l9QbCzKMZ2orQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com *.bootstrapcdn.com *.fonts.gstatic.com 'self' data: *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com *.youtube-nocookie.com *.stripe.com *.google.com/ *.sagepay.com *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.player.vimeo.com *.trustpilot.com *.hotjar.com *.facebook.com *.google.com *.livechatinc.com *.doubleclick.net *.arcot.com *.cdn-surfline.com *.klarna.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.google.co.uk *.doubleclick.net *.facebook.com *.bat.bing.com *.livechatinc.com https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net maps.gstatic.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com *.google.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.opayo.eu.elavon.com *.googletagmanager.com *.chimpstatic.com *.trustpilot.com *.hotjar.com *.connect.facebook.net *.google.com *.gstatic.com *.bat.bing.com *.livechatinc.com *.bam-cell.nr-data.net *.googleoptimize.com *.ajax.cloudflare.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com player.vimeo.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.stripe.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com *.bootstrapcdn.com *.fonts.gstatic.com *.fonts.googleapis.com *.klarnacdn.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.stripe.com *.google.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.fontawesome.com *.hotjar.io *.hotjar.com *.craftyclicks.co.uk *.bing.com *.google-analytics.com *.doubleclick.net *.facebook.com *.google.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://portal.envisagedigital.co.uk/api/website/8rhepcgvxf/report-uri; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-lNfMi4eNO75KHR8PbGMfyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.purechat.com *.rackspacecdn.com *.tiktok.com *.google.com *.purechatcdn.com; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://hbyzx11a.uriports.com/reports/report; report-to default 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.criteo.com creatives.attn.tv *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.bing.com *.mobilitysmart.co.uk *.googletagmanager.com cdn-images.mailchimp.com pillowexpert.matomo.cloud *.google.co.uk * *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.gstatic.com *.bing.com *.cloudflare.com *.twitter.com *.fontawesome.com cdn.mobilitysmart.co.uk pillowexpert.matomo.cloud *.criteo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.mobilitysmart.co.uk *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.cloudflare.com *.googleadservices.com *.google.co.uk *.google.com *.doubleclick.net region1.analytics.google.com maxcdn.bootstrapcdn.com *.criteo.com *.bing.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://abi.mobilitysmart.co.uk/cspreport.php; report-to report-endpoint; 1
object-src 'none'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors * 1
default-src 'self' auctionaccess.okta.com autotecfid.com *.oktacdn.com; connect-src 'self' auctionaccess.okta.com auctionaccess-admin.okta.com autotecfid.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com auctionaccess.kerberos.okta.com auctionaccess.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' auctionaccess.okta.com autotecfid.com *.oktacdn.com; style-src 'unsafe-inline' 'self' auctionaccess.okta.com autotecfid.com *.oktacdn.com; frame-src 'self' auctionaccess.okta.com auctionaccess-admin.okta.com autotecfid.com login.okta.com *.vidyard.com; img-src 'self' auctionaccess.okta.com autotecfid.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' auctionaccess.okta.com autotecfid.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval' cdn.matomo.cloud diateam.matomo.cloud; style-src * 'unsafe-inline' data: ; frame-ancestors 'self' ; frame-src 'self' www.google.com platform.twitter.com syndication.twitter.com www.youtube.com; block-all-mixed-content; report-uri https://www.diateam.net/.csp/report 1
object-src 'none';base-uri 'self';script-src 'nonce-f0FmLXZrxhGX0G90AhGM9Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://cdn.riverty.design/ use.fontawesome.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com static.dhlparcel.nl fonts.googleapis.com fonts.gstatic.com kit-pro.fontawesome.com fonts.bunny.net cdn.jsdelivr.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com uc8.tv www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com uc8.tv https://documents.riverty.com/ *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com marcvanwilligen.nl www.marcvanwilligen.nl *.trustpilot.com *.fls.doubleclick.net view.publitas.com zinzi.prepaidpoint.nl checkoutshopper-test.adyen.com www.facebook.com ct.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ *.sharethis.com www.facebook.com *.fls.doubleclick.net www.zinzi.nl *.datatrics.com *.pinterest.com static.sooqr.com maps.googleapis.com maps.gstatic.com checkoutshopper-test.adyen.com ssl.google-analytics.com *.ggpht.com trengo.s3.eu-central-1.amazonaws.com *.sooqr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.magmodules.eu *.squeezely.tech ade.googlesyndication.com uat-secure.pointspay.com secure.pointspay.com *.pointspay.com imgsct.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ checkoutshopper-test.adyen.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.trustpilot.com marcvanwilligen.nl www.marcvanwilligen.nl *.googletagmanager.com *.widget.trengo.eu connect.facebook.net *.pinterest.com *.datatrics.com static.sooqr.com view.publitas.com maps.googleapis.com ssl.google-analytics.com www.zinzi.nl s.pinimg.com static.dhlparcel.nl widget-acc.paazl.com *.sooqr.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com squeezely.tech www.squeezely.tech *.squeezely.tech *.marcvanwilligen.nl loylfy.test consent.cookiebot.com app.varify.io varify.io widget.paazl.com api.paazl.com api-acc.paazl.com consentcdn.cookiebot.com js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com marcvanwilligen.nl www.marcvanwilligen.nl *.fontawesome.com static.sooqr.com static.dhlparcel.nl fonts.googleapis.com https://widget-acc.paazl.com *.sooqr.com unsafe-inline assets.braintreegateway.com *.marcvanwilligen.nl fonts.bunny.net *.widget.trengo.eu ct.pinterest.com widget-acc.paazl.com api-acc.paazl.com widget.paazl.com api.paazl.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.widget.trengo.eu *.trengohelp.com stats.g.doubleclick.net *.datatrics.com api-acc.paazl.com *.amazonaws.com maps.googleapis.com ct.pinterest.com https://widget-acc.paazl.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com squeezely.tech *.squeezely.tech pagead2.googlesyndication.com region1.google-analytics.com app.varify.io varify.io widget.paazl.com widget-acc.paazl.com consentcdn.cookiebot.com googleads.g.doubleclick.net/ sst.zinzi.nl api.paazl.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.addtoany.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.buckaroo.nl https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://stats.addtoany.com/menu https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ; script-src 'unsafe-eval' 'unsafe-inline' 'self' player.vimeo.com youtube-nocookie.com youtube.com google-analytics.com googletagmanager.com connect.facebook.net https:;; object-src 'none'; style-src 'unsafe-inline' 'self' googletagmanager.com https:;; img-src 'self' data: https:;; media-src 'self' player.vimeo.com youtube-nocookie.com https:;; frame-src 'self' player.vimeo.com youtube-nocookie.com https:;; frame-ancestors 'self'; child-src 'self' player.vimeo.com youtube-nocookie.com https:;; font-src 'self' data: https:;; connect-src 'self' player.vimeo.com youtube-nocookie.com https:;; report-uri /report-csp-violation 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.bootstrapcdn.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://live.streamdays.com lightwidget.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com cdn.doofinder.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com *.shore.co.uk https://s.ytimg.com *.google.com *.google.co.uk *.googletagmanager.com *.jsdelivr.net *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com cdn.doofinder.com widget.freshworks.com m2epro.freshdesk.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.gstatic.com *.googleapis.com *.jsdelivr.net https://live.streamdays.com https://cdn.lightwidget.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.eands.com.au https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.eands.com.au 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk https://*.google.com *.doubleclick.net *.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.eands.com.au *.criteo.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.eands.com.au *.newrelic.com *.nr-data.net *.googleapis.com *.criteo.net *.criteo.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.eands.com.au *.typography.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src *.eands.com.au 'self' 'unsafe-inline'; media-src *.adobe.com *.eands.com.au 'self' 'unsafe-inline'; manifest-src *.eands.com.au 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com thm.visa.com *.eands.com.au *.nr-data.net *.newrelic.com *.googleapis.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src *.eands.com.au assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.eands.com.au *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.trackedlink.net t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.cloudflare.com *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.google.fr cdn.snapppt.com *.cdninstagram.com *.schott-store.com black.bird.eu *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com snapppt.com cdn.snapppt.com api.snapppt.com *.googleapis.com *.actito.be *.tiktok.com *.adnxs.com *.cloudfront.net sc-static.net *.snapchat.com *.zebestof.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com www.facebook.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com *.g.doubleclick.net snapppt.com *.tiktok.com *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdn.riverty.design/ *.fontawesome.com * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com uc8.tv * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com uc8.tv https://documents.riverty.com/ * *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://images.unsplash.com *.facebook.com * *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://polyfill-fastly.io https://browser.sentry-cdn.com *.googletagmanager.com *.facebook.net * https://widget-acc.paazl.com https://api-acc.paazl.com/ *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com * https://widget-acc.paazl.com https://api-acc.paazl.com/ *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ https://*.ingest.sentry.io *.google-analytics.com * https://widget-acc.paazl.com https://api-acc.paazl.com/ *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' assets-cdn.kodomo-booster.com www.google-analytics.com am.yahoo.co.jp analytics.google.com measurement-api.criteo.com stats.g.doubleclick.net; font-src 'self' fonts.gstatic.com assets-cdn.kodomo-booster.com data:; frame-src 'self' bid.g.doubleclick.net youtube.com www.youtube.com fledge.as.criteo.com gum.criteo.com td.doubleclick.net; img-src 'self' image2.kodomo-booster.com assets-cdn.kodomo-booster.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com maps.gstatic.com *.googleapis.com *.ggpht ad.as.amanad.adtdp.com ade.clmbtech.com adgen.socdm.com adx.dable.io b99.yahoo.co.jp beacon.krxd.net c.bing.com cm.g.doubleclick.net contextual.media.net criteo-sync.teads.tv cs.adingo.jp dev.visualwebsiteoptimizer.com dis.criteo.com eb2.3lift.com gum.criteo.com hb.yahoo.net ib.adnxs.com idsync.rlcdn.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.ad.smaato.net simage2.pubmatic.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com tags.bluekai.com tg.socdm.com tr.line.me www.facebook.com www.google.co.jp x.bidswitch.net data:; script-src 'self' assets-cdn.kodomo-booster.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com googleads.g.doubleclick.net maps.googleapis.com www.itokuro.jp b99.yahoo.co.jp connect.facebook.net d.line-scdn.net dev.visualwebsiteoptimizer.com sslwidget.criteo.com 'unsafe-inline' 'unsafe-eval' 'nonce-PrAZtHKPPT8aGoSRTI/2QKmyGzxm1Av18P2BESQ5q48='; style-src 'self' tagmanager.google.com fonts.googleapis.com assets-cdn.kodomo-booster.com 'unsafe-inline' 'nonce-PrAZtHKPPT8aGoSRTI/2QKmyGzxm1Av18P2BESQ5q48='; report-uri https://o240875.ingest.sentry.io/api/5769216/security/?sentry_key=bf03e8125dc74d988001801b90a625db&sentry_environment=production 1
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.klarna.com *.klarnaevt.com *.klarnacdn.net https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.cookielaw.org data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cdn.cookielaw.org *.onetrust.io *.onetrust.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://d3q9kdqrtloda.cloudfront.net/ https://i.ytimg.com/ https://www.youtube-nocookie.com/ https://noembed.com/ https://cdn.plyr.io/ https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://px.ads.linkedin.com/ https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://c1001.report.gbss.io/ https://analytics.tiktok.com/ https://forms.hubspot.com/ https://region1.analytics.google.com/ https://*.analytics.google.com/ https://region1.google-analytics.com/ https://*.google-analytics.com/ https://pagead2.googlesyndication.com https://privacyportal-uk.onetrust.com/ https://*.onetrust.com/; style-src 'self' 'unsafe-inline' https://static.formstack.com/forms/css/ https://static.formstack.com/common/css/; script-src 'self' https://www.youtube.com/ https://cambridgeenglish.formstack.com/forms/ 'sha256-5woGd/mZkUg7jRI9rPBZPHKC+LdyheFkTyKDMVNRNAs=' https://static.hotjar.com/c/ https://static.formstack.com/forms/js/ 'sha256-BEia3zQX2ZCFqcEfWBg9chT7nMc26YOr506FmhGqIfE=' 'sha256-z+rMOYNYmUbRI0OKIZH9HZneWmS3dJkEIDLisI+5LwI=' 'sha256-4QifgdTNZlur9Y/OOGOV3SggRLnQQR4peyehG9Y5buo=' https://www.google.com/ https://www.gstatic.com/ https://cdn-ukwest.onetrust.com/ https://www.googletagmanager.com/ 'sha256-rbMVlXlWb1FxlmTxqO6hQI+5VPCMoqHMqeyWMrzk9E4=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-/6m2tVE+3ZAyrBnUps+rDpHpCwMi0VgW9mdVym2y2cE=' 'sha256-nanbr0ZSJrOvEvr6c5gV8UarYfjNXF+TAtmA9GjvyJ0=' 'sha256-ATpn7Ex50rRSNqmoA432bWfqvlsGB6CD/7fE2WtoU5A=' 'sha256-iXVjrS+TzaVqRdjZV8gecO6OkuAcobYu2OjiJVT8LYU=' 'sha256-+WTu64J4HVaiLZC0nSjR9XxbZZg1xX7cdNM/WA/pDcQ=' 'sha256-tOY0R/wVWZCxGQPtXP0ptphYuCKkCpgNHQy/ZkwhCCY=' 'sha256-xc61KVzUrz5aO4ACQyRqjH2fPpfIb/xoMmSSEiU+PWU=' 'sha256-wyNlDF2abbsDx6TZogcKckBQwZ4N8qFR3SAepboU7Sk=' 'sha256-tOY0R/wVWZCxGQPtXP0ptphYuCKkCpgNHQy/ZkwhCCY=' blob: 'unsafe-eval' https://www.google-analytics.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://static.ads-twitter.com https://www.googleadservices.com/ https://connect.facebook.net/ https://a.quora.com/ https://js.hs-scripts.com/ https://analytics.tiktok.com/ https://cdn.gbqofs.com/ https://cl.qualaroo.com/ https://assets.ubembed.com/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://js.hsleadflows.net/ https://js.hs-banner.com/ https://js.hubspot.com/ https://cdn.gbqofs.com/ https://analytics.tiktok.com/ https://cdn.gbqofs.com/ https://snap.licdn.com/ https://14d7fb0767d540569b202283222297c0.js.ubembed.com/ 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA='; object-src 'none'; font-src 'self' https://static.formstack.com/forms/fonts/; img-src 'self' data: https://d3q9kdqrtloda.cloudfront.net/ https://s3.eu-west-2.amazonaws.com/ielts-web-static/ www.googletagmanager.com https://i.ytimg.com/ https://cdn-ukwest.onetrust.com/ https://ad.doubleclick.net/ https://px.ads.linkedin.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://t.co https://analytics.twitter.com/ https://www.facebook.com/ https://q.quora.com/ https://adservice.google.com/ https://perf-na1.hsforms.com/ https://*.google.ad/ https://*.google.ae/ https://*.google.com.af/ https://*.google.com.ag/ https://*.google.al/ https://*.google.am/ https://*.google.co.ao/ https://*.google.com.ar/ https://*.google.as/ https://*.google.at/ https://*.google.com.au/ https://*.google.az/ https://*.google.ba/ https://*.google.com.bd/ https://*.google.be/ https://*.google.bf/ https://*.google.bg/ https://*.google.com.bh/ https://*.google.bi/ https://*.google.bj/ https://*.google.com.bn/ https://*.google.com.bo/ https://*.google.com.br/ https://*.google.bs/ https://*.google.bt/ https://*.google.co.bw/ https://*.google.by/ https://*.google.com.bz/ https://*.google.ca/ https://*.google.cd/ https://*.google.cf/ https://*.google.cg/ https://*.google.ch/ https://*.google.ci/ https://*.google.co.ck/ https://*.google.cl/ https://*.google.cm/ https://*.google.cn/ https://*.google.com.co/ https://*.google.co.cr/ https://*.google.com.cu/ https://*.google.cv/ https://*.google.com.cy/ https://*.google.cz/ https://*.google.de/ https://*.google.dj/ https://*.google.dk/ https://*.google.dm/ https://*.google.com.do/ https://*.google.dz/ https://*.google.com.ec/ https://*.google.ee/ https://*.google.com.eg/ https://*.google.es/ https://*.google.com.et/ https://*.google.fi/ https://*.google.com.fj/ https://*.google.fm/ https://*.google.fr/ https://*.google.ga/ https://*.google.ge/ https://*.google.gg/ https://*.google.com.gh/ https://*.google.com.gi/ https://*.google.gl/ https://*.google.gm/ https://*.google.gr/ https://*.google.com.gt/ https://*.google.gy/ https://*.google.com.hk/ https://*.google.hn/ https://*.google.hr/ https://*.google.ht/ https://*.google.hu/ https://*.google.co.id/ https://*.google.ie/ https://*.google.co.il/ https://*.google.im/ https://*.google.co.in/ https://*.google.iq/ https://*.google.is/ https://*.google.it/ https://*.google.je/ https://*.google.com.jm/ https://*.google.jo/ https://*.google.co.jp/ https://*.google.co.ke/ https://*.google.com.kh/ https://*.google.ki/ https://*.google.kg/ https://*.google.co.kr/ https://*.google.com.kw/ https://*.google.kz/ https://*.google.la/ https://*.google.com.lb/ https://*.google.li/ https://*.google.lk/ https://*.google.co.ls/ https://*.google.lt/ https://*.google.lu/ https://*.google.lv/ https://*.google.com.ly/ https://*.google.co.ma/ https://*.google.md/ https://*.google.me/ https://*.google.mg/ https://*.google.mk/ https://*.google.ml/ https://*.google.com.mm/ https://*.google.mn/ https://*.google.com.mt/ https://*.google.mu/ https://*.google.mv/ https://*.google.mw/ https://*.google.com.mx/ https://*.google.com.my/ https://*.google.co.mz/ https://*.google.com.na/ https://*.google.com.ng/ https://*.google.com.ni/ https://*.google.ne/ https://*.google.nl/ https://*.google.no/ https://*.google.com.np/ https://*.google.nr/ https://*.google.nu/ https://*.google.co.nz/ https://*.google.com.om/ https://*.google.com.pa/ https://*.google.com.pe/ https://*.google.com.pg/ https://*.google.com.ph/ https://*.google.com.pk/ https://*.google.pl/ https://*.google.pn/ https://*.google.com.pr/ https://*.google.ps/ https://*.google.pt/ https://*.google.com.py/ https://*.google.com.qa/ https://*.google.ro/ https://*.google.ru/ https://*.google.rw/ https://*.google.com.sa/ https://*.google.com.sb/ https://*.google.sc/ https://*.google.se/ https://*.google.com.sg/ https://*.google.sh/ https://*.google.si/ https://*.google.sk/ https://*.google.com.sl/ https://*.google.sn/ https://*.google.so/ https://*.google.sm/ https://*.google.sr/ https://*.google.st/ https://*.google.com.sv/ https://*.google.td/ https://*.google.tg/ https://*.google.co.th/ https://*.google.com.tj/ https://*.google.tl/ https://*.google.tm/ https://*.google.tn/ https://*.google.to/ https://*.google.com.tr/ https://*.google.tt/ https://*.google.com.tw/ https://*.google.co.tz/ https://*.google.com.ua/ https://*.google.co.ug/ https://*.google.co.uk/ https://*.google.com.uy/ https://*.google.co.uz/ https://*.google.com.vc/ https://*.google.co.ve/ https://*.google.co.vi/ https://*.google.com.vn/ https://*.google.vu/ https://*.google.ws/ https://*.google.rs/ https://*.google.co.za/ https://*.google.co.zm/ https://*.google.co.zw/ https://*.google.cat/ https://www.google-analytics.com/ https://*.linkedin.com/ https://*.amazonaws.com/ielts-web-static/ https://adservice.google.co.uk/; frame-src 'self' https://www.google.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://dntcl.qualaroo.com/ https://td.doubleclick.net/; 1
default-src 'self'; base-uri 'self'; connect-src 'self' about: api2.weltsparen.de 1752680588.rsc.cdn77.org *.google.com api.fbanalytics.org  api.global-data-lab.com api.ultimateaderaser.com cdn.raisin.es ciuvo.com data: *.kaspersky-labs.com *.clarity.ms overbridgenet.com sdk-tracing.exponea.com tr.outbrain.com translate.googleapis.com w88p9x.com www.google.be www.google.ca www.google.cl www.google.co.cr www.google.co.jp www.google.co.mz www.google.co.uk www.google.com.ar www.google.com.bo www.google.com.br www.google.com.co www.google.com.do www.google.com.ec www.google.com.gt www.google.com.mx www.google.com.ni www.google.com.pa www.google.com.pe www.google.com.pr www.google.com.py www.google.com.sv www.google.de www.google.es www.google.fr www.google.hn www.google.it www.google.nl www.google.pt www.googletagmanager.com api2.raisin.com consent-api.service.consent.usercentrics.eu bat.bing.com *.google.com sdk-tracing.exponea.com service-proxy-logger-wfcmkywozq-ey.a.run.app www.facebook.com www.raisin.es api.raisin-pension.de collector.raisin.com region1.google-analytics.com stats.g.doubleclick.net pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com tracking.crazyegg.com api.usercentrics.eu app.launchdarkly.com clientstream.launchdarkly.com ekr.zdassets.com events.launchdarkly.com privacy-proxy.usercentrics.eu raisin-api.exponea.com script.crazyegg.com bam.eu01.nr-data.net com-raisin-prod1.mini.snplow.net graphql.usercentrics.eu aggregator.service.usercentrics.eu raisin-es.zendesk.com api.weltsparen.de static.zdassets.com s3.eu-central-1.amazonaws.com auth.weltsparen.de *.clarity.ms browser-intake-datadoghq.eu; font-src 'self' about: fonts.gstatic.com cdn.raisin.es account.affilitizer.com chrome-extension moz-extension data: www.raisin.es cdnjs.cloudflare.com cdn.goin.cloud; frame-ancestors 'self'; frame-src 'self' tpc.googlesyndication.com www.facebook.com app.usercentrics.eu mozbar.moz.com notify.bluecoat.com	www.googletagmanager.com td.doubleclick.net app.usercentrics.eu auth.weltsparen.de online-acquisition-pw-public-assets.s3.eu-central-1.amazonaws.com www.raisin.es www.youtube.com eu-app.contentstack.com; img-src *; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri /_/reports; script-src 'self' about: 'unsafe-inline' 'unsafe-eval' amplify.outbrain.com app.usercentrics.eu bat.bing.com connect.facebook.net conoret.com d1y068gyog18cq.cloudfront.net data1.eligrop.com data1.tatoflex.com data1.thetto.com *.kaspersky-labs.com js-agent.newrelic.com js.hs-analytics.net js.hs-banner.com mstat.acestream.net privacy-proxy.usercentrics.eu raisin-api.exponea.com sc-static.net script.crazyegg.com static.zdassets.com vwvwvwvw.b-cdn.net *.outbrain.com www.clarity.ms www.googleadservices.com www.googletagmanager.com *.raisin.es connect.facebook.net track.adform.net s2.adform.net bat.bing.com cdn.raisin.es d1y068gyog18cq.cloudfront.net www.google-analytics.com amplify.outbrain.com js.hs-scripts.com s.d.adup-tech.com webanalytics.btelligent.net js.hs-analytics.net connect.facebook.net js.hs-banner.com tr.outbrain.com blob: snap.licdn.com smct.co app.usercentrics.eu privacy-proxy.usercentrics.eu raisin-api.exponea.com static.zdassets.com www.googletagmanager.com js-agent.newrelic.com bam.eu01.nr-data.net script.crazyegg.com www.raisin.es cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.raisin.es js.hs-banner.com d.adup-tech.com cdn.jsdelivr.net fonts.googleapis.com translate.googleapis.com www.raisin.es cdnjs.cloudflare.com; worker-src 'self' blob: 1
font-src fonts.gstatic.com use.typekit.net googleapis.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com vimeo.com *.hotjar.com http://insight.adsrvr.org/ *.google.com *.googletagmanager.com https://d1eoo1tco6rr5e.cloudfront.net/ https://adservices.brandcdn.com/ *.paypal.com *.sandbox.paypal.com *.apsclicktopay.com *.dotdigital-pages.com *.dotdigital.com newassets.hcaptcha.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com *.googleadservices.com *.googleapis.com *.paypal.com *.paypalobjects.com http://insight.adsrvr.org/ *.google.com *.googletagmanager.com *.facebook.com https://match.adsrvr.org/ https://cm.g.doubleclick.net/ https://pixel.rubiconproject.com/ https://hb.yahoo.net/ https://tags.bluekai.com/ https://secure-gl.imrworldwide.com/ https://loadm.exelator.com/ https://mid.rkdms.com/ https://load77.exelator.com/ https://uipglob.semasio.net/ https://eb2.3lift.com/ https://ads.scorecardresearch.com/ https://i.liadm.com/ https://i6.liadm.com/ https://tags.rd.linksynergy.com/ https://match.sharethrough.com/ https://idpix.media6degrees.com/ https://dsum-sec.casalemedia.com/ https://x.bidswitch.net/ https://dmp.truoptik.com/ https://secure.insightexpressai.com/ https://simage2.pubmatic.com/ https://bidagent.xad.com/ *.google.co.in/ https://match.sync.ad.cpe.dotomi.com/ https://onetag-sys.com/ https://avd.innity.com/ *.trackedlink.net addevent.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net use.typekit.net *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://connect.facebook.net https://*.hotjar.com 'unsafe-inline' *.googleadservices.com googleapis.com *.paypal.com *.sandbox.paypal.com *.googletagmanager.com *.paypalobjects.com *.googleapis.com *.google.com *.gstatic.com https://p.typekit.net/ https://use.typekit.net https://*.hotjar.com http://adservices.brandcdn.com/ http://tag.brandcdn.com/ https://kadromm.atlassian.net/ addevent.com https://cdn.addevent.com/ https://*.addevent.com/ https://duplin-winery.disqus.com/ *.apsclicktopay.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal 'self' data: maps.googleapis.com hcaptcha.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://*.hotjar.com https://p.typekit.net/ https://use.typekit.net/ *.apsclicktopay.com getfirebug.com googleapis.com addevent.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.magento.com commerce.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.sentry.io *.sharethis.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://stats.g.doubleclick.net/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com hcaptcha.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';           script-src 'self' 'unsafe-eval' 'unsafe-inline' pt www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net cdn.quantummetric.com cdn.userway.org pay.google.com;           connect-src 'self' *.dynatrace.com *.optimizely.com www.enterice.com www.google-analytics.com dc.services.visualstudio.com report.assurant.gbqofs.io *.googleapis.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net *.userway.org google.com *.google.com;           img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com www.google.com www.googletagmanager.com ajax.aspnetcdn.com mobileclaimstest.azureedge.net *.trustarc.com consent.truste.com stats.g.doubleclick.net dashboard.umbraco.org fonts.gstatic.com cdn.userway.org www.gstatic.com;                       style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.asapp.com www.googletagmanager.com cdn.userway.org;           font-src 'self' fonts.gstatic.com *.trustarc.com cdn.userway.org;           frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com *.asapp.com *.trustarc.com *.inmoment.com cdn.userway.org pay.google.com;           worker-src blob:;           report-uri /umbraco/Surface/CSPReport/SaveCSPReport; 1
font-src maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ account.fetchify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com cc-cdn.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ekr.zdassets.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com landofcoder.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src use.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://plumrocket.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com https://plumrocket.com app.chatterspot.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io nrastore.com *.cloudfront.net www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com nrastore.com *.cloudfront.net cdn.nextopia.net *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.authorize.net assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typekit.net *.cloudfront.net cdn.nextopia.net cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudfront.net persona.nextopia.net thm.visa.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu maps.gstatic.com maps.googleapis.com cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com maps.googleapis.com https://cdnjs.cloudflare.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com maps.googleapis.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-4g6WAoefCWA3ZLAIAruG5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com/ https://js.monitor.azure.com https://ajax.googleapis.com https://*.google.com https://www.gstatic.com https://*.kubra.com https://*.apogee.net https://js.braintreegateway.com https://*.paypal.com; style-src 'self' 'unsafe-inline' https://*.kubra.com https://fonts.googleapis.com; img-src * 'self' data:; font-src * 'self' data:; connect-src *; frame-src https://*.apogee.net https://*.google.com https://*.paypal.com; report-uri /csp/report 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com *.google.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com *.typekit.net *.sharethis.com www.ilfordphoto.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com www.ilfordphoto.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.ilfordphoto.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com *.stripe.com *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw www.xtento.com www.ilfordphoto.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.trackedlink.net *.stripe.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com *.typekit.net *.sharethis.com www.xtento.com cdn.xtento.com www.ilfordphoto.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.stripe.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.sharethis.com *.typekit.net www.xtento.com cdn.xtento.com www.ilfordphoto.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.stripe.com *.google.com *.opayo.eu.elavon.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.typekit.net www.ilfordphoto.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.ilfordphoto.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.stripe.com *.paypal.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.typekit.net *.sharethis.com stats.g.doubleclick.net www.ilfordphoto.com 'self' 'unsafe-inline'; child-src www.ilfordphoto.com http: https: blob: 'self' 'unsafe-inline'; default-src www.ilfordphoto.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.fontawesome.com *.cloudflare.com *.cloudfront.net *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com 'unsafe-inline' data: dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.list-manage.com *.sjv.io *.stripe.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca *.doubleclick.net *.facebook.com *.flexiti.fi *.google.com *.google.com.vn *.hotjar.com jardindeville.com maisoncorbeil.com mustsociete.com *.o2web.ws *.pinterest.com *.stripe.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.bird.eu *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.com *.bing.com *.flexiti.fi *.google.ca *.google.com *.googleadservices.com *.google-analytics.com *.google.com.au *.google.com.vn jardindeville.com *.klarna.com *.lightemporium.com maisoncorbeil.com *.maisoncorbeil.com *.maisonco.local mcusercontent.com *.mustsociete.com *.paypal.com *.pinterest.com *.placeholder.com *.o2web.ws *.twimg.com *.twitter.com *.usercentrics.eu *.vimeo.com *.jsdelivr.net *.ytimg.com https://analytics.tiktok.com https://d254swjmew8w6i.cloudfront.net ca-lapresse-main.collector.snplow.net dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.exponea.com https://sdk.privacy-center.org/ *.bloomreach.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com https://d254swjmew8w6i.cloudfront.net/ *.bing.com *.doubleclick.net *.facebook.net *.fontawesome.com *.google.com *.google-analytics.com *.hotjar.com *.sjv.io *.newrelic.com *.nr-data.net *.pinimg.com *.stripe.com *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu *.zdassets.com *.zopim.com *.noibu.com *.criteo.com *.jsdelivr.net https://analytics.tiktok.com ca-lapresse-main.collector.snplow.net *.impactcdn.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net pay.google.com js.klevu.com *.ksearchnet.com *.avada.io assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.cloudfront.net *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.doubleclick.net dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.googleapis.com *.affirm.com *.affirm.ca *.exponea.com *.bloomreach.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.com *.flexiti.fi *.google.com *.hotjar.io *.hotjar.com wss://*.hotjar.com ssgtm.maisoncorbeil.com ssgtm.mustsociete.com ssgtm.jardindeville.com *.paypal.com *.pinterest.com *.twimg.com *.twitter.com *.zdassets.com *.zendesk.com wss://*.zopim.com wss://*.noibu.com *.noibu.com *.privacy-center.org https://analytics.tiktok.com https://d254swjmew8w6i.cloudfront.net ca-lapresse-main.collector.snplow.net *.sjv.io dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.stripe.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src https://sdk.privacy-center.org/ *.zopim.com *.noibu.com *.sjv.io *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; connect-src 'self' https: wss:; form-action 'self'; frame-ancestors 'self'; img-src 'self' blob: data: https:; media-src 'self' blob: https:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; upgrade-insecure-requests; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-97fIoEMiiRUv92et3BH9yQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri /csp-report; default-src 'self' https://shop.stpancras.com https://google.co.uk https://www.google.co.uk https://www.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net/en_US/fbevents.js https://d10lpsik1i8c69.cloudfront.net/w.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://js.createsend1.com/javascript/copypastesubscribeformlogic.js https://*.hotjar.com maps.googleapis.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' http://admin.highspeed1.co.uk https://createsend.com https://maps.googleapis.com https://settings.luckyorange.net https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://*.hotjar.io https://*.google-analytics.com https://*.analytics.google.com wss://ws.hotjar.com https://*.google.co.uk https://*.doubleclick.net; font-src 'self' https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://widget-3bcbfadb1b0e462e809ce25304fd6efd.elfsig.ht https://map.stpancras.com https://*.doubleclick.net; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com img.fat.dev; manifest-src 'self'; media-src 'self'; worker-src 'self'; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-2-a3PUfMF43qdhuABiZYeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.google.com.ua *.google.co.uk www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.googletagmanager.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; report-uri https://13fdb20b4d99daba15f18769204d48be.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-cGfohrnFaD1QsfrKnaqJFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-+7nnhMc+bd4Ta901Sqnpp61eiIzoc2/dI4Oz5WyUTr0='; base-uri 'self';report-to csp-endpoint 1
font-src use.typekit.net v2.zopim.com d1azc1qln24ryf.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.facebook.com vars.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com www.tinyme.com.au www.tinyme.sg bat.bing.com ct.pinterest.com www.facebook.com a.klaviyo.com assets.reviews.io www.google.com.au embed-fastly.wistia.com fast.wistia.com https://a.klaviyo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com static.zipmoney.com.au js-agent.newrelic.com bam.nr-data.net s.pinimg.com bat.bing.com connect.facebook.net v2.zopim.com widget.reviews.io static.zdassets.com fast.wistia.com static.hotjar.com script.hotjar.com widget.parcelpoint.com.au https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com use.typekit.net p.typekit.net widget.reviews.io d1azc1qln24ryf.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com www.tinyme.com.au www.tinyme.sg api.zipmoney.com.au t.zip.co ct.pinterest.com ekr.zdassets.com fast.a.klaviyo.com telemetrics.klaviyo.com api.reviews.io *.zopim.com bam.nr-data.net bat.bing.com stats.g.doubleclick.net distillery.wistia.com embed-fastly.wistia.com pipedream.wistia.com in.hotjar.com embedwistia-a.akamaihd.net api-cache.reviews.co.uk https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.tinyme.com.au www.tinyme.sg 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-vCMHjz9xQQjljSe7gu3QJw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://www.dailytelegraph.com.au/csp-reports 1
default-src 'self' www.clarity.ms fonts.gstatic.com data:;  script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.clarity.ms *.usercentrics.eu www.googletagmanager.com www.google-analytics.com login-ds.dotomi.com www.google.com www.gstatic.com data:; connect-src 'self' *.usercentrics.eu www.google-analytics.com api-js.mixpanel.com *.azurewebsites.net;  img-src 'self' *.service.usercentrics.eu app.usercentrics.eu www.google-analytics.com *.cloudfront.net data:;  style-src 'self' 'unsafe-inline' fonts.googleapis.com googletagmanager.com www.google-analytics.com;base-uri 'self';form-action 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-jyP5_dH2_4DnELshYMfkrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.tryggehandel.net *.fontawesome.com *.googleapis.com *.gstatic.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com www.youtube.com www.youtube-nocookie.com ssl.ditonlinebetalingssystem.dk *.trustpilot.com *.cookieinformation.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.facebook.com *.sleeknote.com *.tryggehandel.net *.visualwebsiteoptimizer.com *.bing.com *.doubleclick.net *.clarity.ms https://cdn.clerk.io maps.googleapis.com *.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com quickchart.io img.youtube.com www.google.com.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.sleeknote.com *.clerk.io *.tryggehandel.net *.facebook.net *.trustpilot.com *.emaerket.dk *.cookieinformation.com *.reepay.com *.helloretail.com *.googletagmanager.com *.cloudfront.net *.capida.dk *.klaviyo.com *.bing.com *.visualwebsiteoptimizer.com *.googleapis.com *.clarity.ms *.adt357.net https://api.clerk.io https://cdn.clerk.io maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.gstatic.com *.googleadservices.com *.google-analytics.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.fontawesome.com fonts.gstatic.com *.googleapis.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com https://helloretailcdn.com *.obsidian.dk connect.facebook.net *.facebook.com *.cookieinformation.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleapis.com *.bing.com *.visualwebsiteoptimizer.com *.clarity.ms www.facebook.com graph.facebook.com business.facebook.com *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.gstatic.com 'self' data: fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com https://fonts.gstatic.com https://ws.colissimo.fr *.stamped.io cdn.jsdelivr.net cdn.almapay.com *.speed1.fr *.quadyland.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com tpeweb.e-transactions.fr tpeweb.paybox.com tpeweb1.paybox.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.speed1.fr *.quadyland.com 'self' data: quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com www.google.com cdn.dnky.co www.youtube.com *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com https://www.youtube.com *.livechatinc.com *.paypal.com pay.google.com *.braintreegateway.com *.kaptcha.com *.paypalobjects.com *.affirm.com *.doubleclick.net *.speed1.fr *.quadyland.com 'self' data: youtu.be tpc.googlesyndication.com www.quadyland.com blob quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org cdn.doofinder.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr *.cloudfront.net *.stamped.io *.google-analytics.com *.google.fr *.paypal.com *.paypalobjects.com *.amazonaws.com *.userway.org verify.authorize.net scontent.cdninstagram.com *.affirm.com *.routeapp.io cdn.almapay.com *.speed1.fr *.quadyland.com www.google.be www.google.pt www.google.ca www.google.co.ma www.google.dz www.google.lu www.google.tn www.google.co.uk www.google.es www.google.de sb-img-fr.s3.amazonaws.com www.google.fr www.google.ch www.google.sn www.google.cg www.quadyland.com pagead2.googlesyndication.com tpc.googlesyndication.com media.speed1.fr bat.bing.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr 125-vintage.fr scooterelec.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com f.vimeocdn.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net cdn.ampproject.org raw.githubusercontent.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.doofinder.com *.google.com *.gstatic.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com static.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.doofinder.com *.doubleclick.net includes.ccdc02.com cdn.inspectlet.com *.stamped.io *.livechatinc.com *.userway.org *.paypal.com www.klarnapayments.com *.affirm.com *.routeapp.io cdn.amcharts.com www.googletagmanager.com googleads.g.doubleclick.net bat.bing.com pagead2.googlesyndication.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.doofinder.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.stamped.io www.klarnapayments.com *.speed1.fr *.quadyland.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; object-src www.youtube.com *.livechatinc.com *.paypal.com pay.google.com *.braintreegateway.com *.kaptcha.com *.paypalobjects.com *.affirm.com *.doubleclick.net *.speed1.fr *.quadyland.com 'self' data: www.quadyland.com data blob quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com static.zdassets.com *.speed1.fr *.quadyland.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; manifest-src quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.getalma.eu cdn.ampproject.org www.facebook.com *.facebook.com graph.facebook.com business.facebook.com *.doofinder.com wss://*.doofinder.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net ekr.zdassets.com *.hotjar.com *.hotjar.io wss://widget-mediator.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.datatrics.com https://nominatim.openstreetmap.org *.paypal.com *.authorize.net hn.inspectlet.com stamped.io *.braintree-api.com *.braintreegateway.com *.paypalobjects.com *.livechatinc.com *.userway.org graph.instagram.com *.affirm.com *.route.com *.google.com adservice.google.com www.google.com maps.googleapis.com bat.bing.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; child-src quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline' 'unsafe-eval'; base-uri quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
font-src *.bootstrapcdn.com *.fontawesome.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io accastillage-diffusion.com accastillage-diffusion.es accastillage-diffusion.it accastillage-diffusion.co.uk d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.atinternet-solutions.com *.atinternet.io *.aticdn.net *.xiti.com *.ati-host.net *.atinternet.com *.piano.io *.axept.io *.target2sell.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com https://cdnjs.cloudflare.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.atinternet-solutions.com *.atinternet.io *.aticdn.net *.xiti.com *.ati-host.net *.atinternet.com *.piano.io *.axept.io *.target2sell.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cdninstagram.com *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net https://www.magezon.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net *.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com www.googletagmanager.com *.veritas.at *.consentmanager.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.magezon.com https://*.consentmanager.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 s7.addthis.com https://*.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com ekr.zdassets.com/ https://identity.veritas.at/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com www.kiyoh.com consentcdn.cookiebot.com ct.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.kiyoh.com maps.googleapis.com kit.fontawesome.com squeezely.tech www.clarity.ms unpkg.com consent.cookiebot.com js-agent.newrelic.com static.zdassets.com app.varify.io varify.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com marcvanwilligen.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com ka-f.fontawesome.com q.clarity.ms ct.pinterest.com ekr.zdassets.co bam.eu01.nr-data.net shuz.zendesk.com widget-mediator.zopim.com y.clarity.ms consentcdn.cookiebot.com app.varify.io varify.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src https://d19vzld1wvxwbr.cloudfront.net https://rumc-gcorg-p-public.s3.amazonaws.com https://rumc-gcorg-p-public.s3.eu-west-1.amazonaws.com https://www.gravatar.com data: 'self' https: https://d1u59nsmjqjziz.cloudfront.net; font-src https://d19vzld1wvxwbr.cloudfront.net https://fonts.gstatic.com; style-src https://d19vzld1wvxwbr.cloudfront.net https://fonts.googleapis.com 'unsafe-inline'; script-src https://d19vzld1wvxwbr.cloudfront.net 'unsafe-eval' 'self'; frame-src https://www.youtube-nocookie.com; media-src https://rumc-gcorg-p-public.s3.amazonaws.com https://rumc-gcorg-p-public.s3.eu-west-1.amazonaws.com https://user-images.githubusercontent.com; default-src 'none'; connect-src 'self' https://grand-challenge.org https://ca-central-1.grand-challenge.org https://eu-central-1.grand-challenge.org https://*.ingest.sentry.io https://d19vzld1wvxwbr.cloudfront.net https://d1u59nsmjqjziz.cloudfront.net https://rumc-gcorg-p-uploads.s3-accelerate.amazonaws.com 1
default-src 'self'; object-src 'none'; font-src data: https:; frame-ancestors 'none'; form-action 'self'; script-src 'unsafe-eval' 'unsafe-inline' https:; img-src https: data:; style-src https: 'unsafe-inline'; connect-src https:; media-src https:; frame-src https:; upgrade-insecure-requests; block-all-mixed-content;default-src 'self'; object-src 'none'; font-src data: https:; frame-ancestors 'none'; form-action 'self'; script-src 'unsafe-eval' 'unsafe-inline' https:; img-src https: data:; style-src https: 'unsafe-inline'; connect-src https:; media-src https:; frame-src https:; upgrade-insecure-requests; block-all-mixed-content; 1
object-src 'none';base-uri 'self';script-src 'nonce--vpYfWWAMHvaIY2cVlF8LA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am *.bancochile.cl *.cathaybk.com.tw *.soldo.com *.capitecbank.co.za *.mbank.sk *.starlingbank.com *.hitrust-us.com:9750 *.enginebystarling.net *.cardinalcommerce.com:* *.id.mastercard.bunq.com *.santander.cl *.secureacs.com *.bog.ge *.consorsbank.de *.ing.de *.icbc.com.cn *.hsbc.co.id *.rpc-raiffeisen.com:* *.stcpay.com.sa *.3dsecure-atruvia.de *.hu.bpcbt.com *.a-bank.com.ua *.ipakyulibank.uz:* bezpecne-platby.rb.cz *.bezpecne-platby.rb.cz *.santander.com.br *.2c2p.com:* *.asseco-see.hr:* particuliers.sg.fr *.particuliers.sg.fr *.bccard.com *.petafuel.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.cardinalcommerce.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am *.bancochile.cl *.cathaybk.com.tw *.soldo.com *.capitecbank.co.za *.mbank.sk *.starlingbank.com *.hitrust-us.com:9750 *.enginebystarling.net *.cardinalcommerce.com:* *.id.mastercard.bunq.com *.santander.cl *.secureacs.com *.bog.ge *.consorsbank.de *.ing.de *.icbc.com.cn *.hsbc.co.id *.rpc-raiffeisen.com:* *.stcpay.com.sa *.3dsecure-atruvia.de *.hu.bpcbt.com *.a-bank.com.ua *.ipakyulibank.uz:* bezpecne-platby.rb.cz *.bezpecne-platby.rb.cz *.santander.com.br *.2c2p.com:* *.asseco-see.hr:* particuliers.sg.fr *.particuliers.sg.fr *.bccard.com *.petafuel.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.sharethis.com *.trackedlink.net *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com cdns.eu1.gigya.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com myp3-cdc-global.mypanini.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.panini.co.uk/shp_gbr_en/webformat_csptools/report/; 1
script-src-elem *.livechatinc.com *.payments-amazon.com https://*.helloextend.com js-agent.newrelic.com bam.nr-data.net tpc.googlesyndication.com www.full-race.com www.google-analytics.com *.affirm.com connect.facebook.net visualsponline.azurewebsites.net gc.kis.v2.scr.kaspersky-labs.com ssl.google-analytics.com www.pagespeed-mod.com *.klaviyo.com www.gstatic.com *.google.com js.braintreegateway.com c.paypal.com ajax.cloudflare.com www.paypal.com www.paypalobjects.com www.googleadservices.com localhost:49506 me.kis.v2.scr.kaspersky-labs.com data1.ilplet.com z.moatads.com browser.sentry-cdn.com js.sentry-cdn.com gc.kes.v2.scr.kaspersky-labs.com cdn.ghostaio.com milkpload.net hublosk.com jullyambery.net ads.creative-serving.com payperclickadz.com floatingplayer.com ucads-cdn.ucweb.com cloudjs.netlify.com appslinker.net ss1.js.images.static.jqurey.vip www.googletagmanager.com rialto-gms.s3.amazonaws.com pilaff-up.ru *.googleapis.com *.doubleclick.net *.verifypass.com https://www.google.com/_/scs/shopping-verified-reviews-static/* 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem www.full-race.com cdn1.affirm.com use.fontawesome.com static.klaviyo.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com cdn.honey.io *.googleapis.com 'self' 'unsafe-inline'; font-src *.gstatic.com *.googleapis.com www.full-race.com www.affirm.com themes.googleusercontent.com static3.avast.com www.slant.co assets.quadpay.com cdn.megabonus.com cdn.honey.io www.clearplay.com at.alicdn.com use.typekit.net gateway.zscalerone.net pouch-global-font-assets.s3.eu-central-1.amazonaws.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.livechatinc.com static.klaviyo.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.facebook.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.full-race.com 'self' 'unsafe-inline'; frame-ancestors www.full-race.com 'self'; frame-src fast.amc.demdex.net *.adobe.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.amazon.com *.payments-amazon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.affirm.com *.livechatinc.com *.facebook.com bid.g.doubleclick.net *.youtube-nocookie.com * googleads.g.doubleclick.net tpc.googlesyndication.com mediazilla.com *.google.com ssl.kaptcha.com www.googletagmanager.com www.paypalobjects.com web.archive.org div.show static.klaviyo.com www.google.com.jm www.google.ca www.google.cl www.google.com.sg floatingplayer.com mozbar.moz.com www.google.iq *.securly.com t.windows7home.com t.032168.com www.google.com.tr 192.168.148.132:15871 www.google.com.mx utp.ucweb.com ss1.js.images.static.jqurey.vip www.google.com.pr www.google.it gateway.zscalerthree.net acestream.me mini.bijiatu.com 'self' 'unsafe-inline'; img-src data: * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ *.avada.io assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.affirm.com *.payments-amazon.com *.livechatinc.com https://*.helloextend.com *.klaviyo.com googleads.g.doubleclick.net www.googletagmanager.com *.newrelic.com *.nr-data.net *.youtube.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com bam.nr-data.net js-agent.newrelic.com connect.facebook.net tpc.googlesyndication.com z.moatads.com js.sentry-cdn.com browser.sentry-cdn.com polyfill.io gateway.zscalerone.net ucads-cdn.ucweb.com *.google.com *.doubleclick.net *.verifypass.com www.google.com/_/scs/shopping-verified-reviews-static/* 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline static.klaviyo.com assets.braintreegateway.com cdn1.affirm.com *.googleapis.com cdn.honey.io gateway.zscalerone.net 'self' 'unsafe-inline'; object-src noop.style 'self' 'unsafe-inline'; media-src *.adobe.com app.tealhq.com tts.baidu.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com mws.amazonservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.affirm.com https://*.helloextend.com *.klaviyo.com www.googleadservices.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com pilot-payflowlink.paypal.com *.googleapis.com *.google.com bam.nr-data.net *.doubleclick.net www.full-race.com localhost:49506 api.rollbar.com hm.baidu.com o19233.ingest.sentry.io plugin.ucads.ucweb.com gjtrack.ucweb.com h7s9xishng.execute-api.us-east-1.amazonaws.com floatingplayer.com uc.gre track.uc.cn ss1.js.images.static.jqurey.vip translate.googleapis.com *.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'self' *.cined.com; report-uri /_/csp-report/ 1
object-src 'none';base-uri 'self';script-src 'nonce-XSKQQDSob_ukP0i9CqUEhQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com *.opayo.eu.elavon.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: *.yotpo.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.opayo.eu.elavon.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.opayo.eu.elavon.com *.google.com/ https://www.youtube.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com camo.githubusercontent.com data: *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com *.paypal.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com *.klevu.com *.ksearchnet.com https://www.magezon.com 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com *.opayo.eu.elavon.com js.klevu.com *.ksearchnet.com *.avada.io *.google.com https://cdnjs.cloudflare.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.opayo.eu.elavon.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com *.paypal.com *.opayo.eu.elavon.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-wpLUtQygcAD7Xn9vrdiOEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://cms.robotiq.com; connect-src 'self' data: https://www.googleapis.com http://maps.googleapis.com embedwistia-a.akamaihd.net *.hubspot.com *.hsforms.com *.litix.io *.wistia.com https://graph.facebook.com https://www.linkedin.com http://mwsserver.com/ https://cms.robotiq.com; font-src 'self' data: fonts.gstatic.com *.wistia.com http://mwsserver.com/; img-src 'self' data: *; media-src 'self' data: blob: *.wistia.com embedwistia-a.akamaihd.net http://mwsserver.com/; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' *.wistia.com *.wistia.net *.litix.io *.hsforms.net *.hsforms.com *.hubspot.com *.hscta.net https://maps.googleapis.com *.googletagmanager.com *.google-analytics.com api.usemessages.com *.hs-scripts.com intelligenc.es *.hs-analytics.net *.linkedin.com *.crazyegg.com http://mwsserver.com/ *.google.com/ *.gstatic.com/ https://unpkg.com/@google/model-viewer/; style-src 'self' 'unsafe-inline' fonts.googleapis.com; child-src blob: *.wistia.com http://mwsserver.com/; frame-src https://s3.amazonaws.com/ *.wistia.com https://forms.hubspot.com/ https://forms.hsforms.com/ http://mwsserver.com/; 1
default-src 'self';style-src * 'unsafe-inline';script-src 'self' 'unsafe-eval' 'strict-dynamic' https: http: https://mc.yandex.ru https://yastatic.net https://*.googleapis.com https://maps.gstatic.com http://*.googleapis.com http://maps.gstatic.com 'sha256-W0e3pEFD4+J98XshGZzSXqu8pVgy3ie2G0XgN3MeAGI=' 'sha256-2nD5Yg3GpvE1OBB1gSff6rhKy0ZOtd4AyV4nqocdtEw=' 'sha256-cHwo7iO6K/CJUKsMA9PMqLcNO4mAzJUkOCPxjny37l8=' 'sha256-KLAuKCngD9+vZY/RIR85nUuMZoQBEKuVLq52mJA/Q0U=' 'sha256-qqr6WowG3t3Bdx7IFdE3w0ANcV7alfsf0JARWC6gN2A=' 'sha256-ekU8Cs/o/j4TAsHGD4f/QwBYypfS3fI9N2K6RV3lo4E=' 'sha256-YSFgPYsgfbBbnt+PO0caTD94gM6UOEL+Og0XNSfIIP8=' 'sha256-7OIis6/xu2cdx6JV4lUqlRqK2xz5Adg7EiLCF8jIy6A=' 'sha256-mf/My+5mat+RM8sJb5CuciN4boJpuAKWxa+gatEieZg=' 'sha256-cHwo7iO6K/CJUKsMA9PMqLcNO4mAzJUkOCPxjny37l8=' 'sha256-gPaYsPj5sTVd4kYucoo5lY8yDa4XhEXvVc/QQRtxN8Y=' 'sha256-bKO+94w2PA1Gk7/1kHX/j3oDlqW6UNIFx0fzdkL6EcA=' 'sha256-gPaYsPj5sTVd4kYucoo5lY8yDa4XhEXvVc/QQRtxN8Y=' 'sha256-GJspzLF5P8iUP2ggFUOLIvdx0fi7f9uCnL5h4oPjWiE=' 'sha256-T5+ih/z/srro+8in9MNBN8dYL+ubjHZa3v0lBFw5WRw=' 'sha256-HcpHoGZHzFgDNl5s6SvaPnY+fa2lnhFCc4MKsYXEAB0=' 'sha256-d1TzThaI1cdEl8/c9YmReXl2sHNtDi3/bRI1zQu6ZHE=' 'sha256-VUcbPqopuVeK8CMtzfAp1ewEflN3B75El8ml2sUuMwE=' 'sha256-UVtElT3/ZOkuaHrNdJhqSGP3bvut/7Ucn3/VpPbHEWA=' 'sha256-d1TzThaI1cdEl8/c9YmReXl2sHNtDi3/bRI1zQu6ZHE=' 'sha256-8ZxUr1NHOYUaNvbbji0Bt/ixfNF0/rIKJs+Xvg80iCU=' 'sha256-9woYei7xZRjWeR4GSCW4YH8hr0AtHj7gpiClInwYq9s=' 'sha256-0u2QA9qZ0lF+zzXjIZHh5vq5Wpv9RlG8SdF1pRpTnmc=' 'sha256-cHwo7iO6K/CJUKsMA9PMqLcNO4mAzJUkOCPxjny37l8=' 'sha256-mD15IugP/MymSF/csGGWY4YuBjEcQf4xrDkrBFq60BY=' 'sha256-sHz1trO04g9i3hBUI/sQcY2udh85euSY1Y0HGpOV46E=' 'sha256-UVtElT3/ZOkuaHrNdJhqSGP3bvut/7Ucn3/VpPbHEWA=' 'sha256-gPaYsPj5sTVd4kYucoo5lY8yDa4XhEXvVc/QQRtxN8Y=' 'sha256-HiGbgw9Mw4Q7fHGpcJD2IxtGHjsyb091bPRu27vBL5c=' 'sha256-d1TzThaI1cdEl8/c9YmReXl2sHNtDi3/bRI1zQu6ZHE=' 'sha256-GJspzLF5P8iUP2ggFUOLIvdx0fi7f9uCnL5h4oPjWiE=' 'sha256-SdBJBSFnK8o9NxFlhhI6FqYQidICMxYfZ8wc37aU2yM=' 'sha256-Epjk6PjMN+o5/iSzt0awh350C1nlSwer860zY7qFjY4=' 'sha256-Iwx1uaWBNr4lZSCfxglUtf3g2IuoaJK44+Oh/KqVfCI=' 'sha256-MLhYfKa3YQUawNUxRwpaCFnsXaG8VrwInvGRSakQpkE=' 'sha256-p606UK9dpqxps6bku8Jx+aw+8QHZ5HZyVh36SLqUjXk=' 'sha256-cXsMIvKvH3A9mCSE7dNyTbDiyqN55cfOiQzEg47ES3c=' 'sha256-xseQRB7a2sRHn/dSjXRhWZRKSMhrU+m1+ZzCILLcLdQ=' 'sha256-Sqs3Y5XE1jgIOwNCwEwDH9X27kU7HUWUaQXlL7tpTo4=' 'sha256-cHwo7iO6K/CJUKsMA9PMqLcNO4mAzJUkOCPxjny37l8=' 'sha256-7WjYNbbuxrTkFdTCuOvyr59yTwsDaf/1k6vej8YPSaI=' 'sha256-UVtElT3/ZOkuaHrNdJhqSGP3bvut/7Ucn3/VpPbHEWA=' 'sha256-VUcbPqopuVeK8CMtzfAp1ewEflN3B75El8ml2sUuMwE=' 'sha256-54RKqj25lPkoSCu0p7jnwAPqHGaCG5yTm2kHa1mhM60=' 'sha256-s28yFJozWYIwWvtUOcVYJcJ1AKRZn0a9Ns58LM9SyQY=';img-src 'unsafe-inline' 'self' data: blob: https://mc.yandex.ru;connect-src 'self' https://mc.yandex.ru;object-src 'self'; report-uri /app/csp-report-servlet; 1
font-src *.googleapis.com fonts.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.global-e.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com *.mailchimp.com *.list-manage.com *.addthis.com *.addthisedge.com *.pinterest.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.facebook.net *.google.com *.cloudflare.com chimpstatic.com *.surveymonkey.com *.kbmaxnext.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com ekr.zdassets.com/ *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-yZEILuztZoqmdGf6sBerHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com *.trustedshops.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com vars.hotjar.com *.eventbrite.com sibautomation.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: www.apptrian.com www.facebook.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.trustedshops.com *.google.com *.google.fr *.googletagmanager.com *.viamichelin.com *.bing.com *.clarity.ms *.cloudflare.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com maps.gstatic.com fonts.googleapis.com business.facebook.com *.trustedshops.com static.hotjar.com script.hotjar.com vars.hotjar.com *.google.com *.google.fr *.gstatic.com *.googletagmanager.com *.eventbrite.com sibautomation.com *.viamichelin.com bat.bing.com *.clarity.ms *.cloudflare.com *.googleapis.com *.jquery.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.googleapis.com *.trustedshops.com *.viamichelin.com *.cloudflare.com *.googletagmanager.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com maps.googleapis.com www.facebook.com business.facebook.com *.trustedshops.com in.hotjar.com vc.hotjar.io *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net *.brevo.com *.google.com *.clarity.ms *.doubleclick.net *.googlesyndication.com *.etrusted.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com https://css.zohocdn.com/ https://d19ayerf5ehaab.cloudfront.net/ https://d1azc1qln24ryf.cloudfront.net/ https://*.hotjar.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.facebook.com/ https://0merchantacsstag.cardinalcommerce.com/ https://1merchantacsstag.cardinalcommerce.com/ *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://widget.reviews.co.uk/ https://gum.criteo.com/ https://*.hotjar.com/ https://www.paypalobjects.com/ https://c.sandbox.paypal.com/ https://tst.kaptcha.com/ *.reviews.io *.reviews.co.uk https://www.google.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.google.com/ https://www.google.co.uk/ https://bat.bing.com/ https://www.facebook.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://cm.g.doubleclick.net/ https://r.casalemedia.com/ https://ad.360yield.com/ https://contextual.media.net/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://pixel.rubiconproject.com/ https://match.sharethrough.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://ad.yieldlab.net/ https://cm.adform.net/ https://visitor.omnitagjs.com/ https://gum.criteo.com/ https://id5-sync.com/ https://ad.sxp.smartclip.net/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://beacon.krxd.net/ https://s.thebrighttag.com/ https://rtb-csync.smartadserver.com/ https://widget.eu.criteo.com/ https://assets.reviews.io/ https://matching.ivitrack.com/ https://www.lyco.co.uk/ https://uat.lyco.co.uk/ https://c.sandbox.paypal.com/ https://services.postcodeanywhere.co.uk/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.hotjar.com/ https://imgs.cdn-btsg.com/ https://secure.adnxs.com/ https://bam.nr-data.net/ *.cloudfront.net *.reviews.io *.reviews.co.uk https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com bat.bing.com https://connect.facebook.net/ https://static.criteo.net/ https://widget.reviews.co.uk/ https://salesiq.zoho.eu/ https://analytics.webgains.io/ https://googleads.g.doubleclick.net/ https://www.clarity.ms/ https://*.hotjar.com/ https://sslwidget.criteo.com/ https://js-agent.newrelic.com/ https://js.zohocdn.com/ https://bam.nr-data.net/ https://widget.eu.criteo.com/ https://v2.zopim.com/ https://static.zdassets.com/ https://ekr.zdassets.com/ https://lycod11120.pcapredict.com/ https://services.postcodeanywhere.co.uk/ https://track.webgains.com/ https://songbirdstag.cardinalcommerce.com/ *.reviews.io *.reviews.co.uk https://www.google.com https://www.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com https://css.zohocdn.com/ https://widget.reviews.co.uk/ https://d19ayerf5ehaab.cloudfront.net/ https://d1azc1qln24ryf.cloudfront.net/ https://services.postcodeanywhere.co.uk/ https://*.hotjar.com/ data: *.cloudfront.net *.reviews.io *.reviews.co.uk https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://stats.g.doubleclick.net/ https://l.clarity.ms/ https://salesiq.zoho.eu/ wss://vts.zohopublic.eu/ https://bam.nr-data.net/ https://salesiq.zohopublic.eu/ https://vts.zohopublic.eu/ https://api-cache.reviews.co.uk/ https://api.reviews.co.uk/ https://k.clarity.ms/ https://a.clarity.ms/collect https://region1.analytics.google.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://*.hotjar.io/ https://api.reviews.io/ https://services.postcodeanywhere.co.uk/ https://api.webgains.io/ https://kg668dbov0.execute-api.us-east-1.amazonaws.com/ https://writer.cardinalcommerce.com/ https://m1.openfpcdn.io/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://ekr.zdassets.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com www.eldorado.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.eldorado.net 'self' 'unsafe-inline'; frame-ancestors www.eldorado.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.xtento.com www.eldorado.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io www.xtento.com cdn.xtento.com http://new.eldorado.net https://new.eldorado.net http://www.googleadservices.com http://www.google-analytics.com http://www.paypal.com http://www.paypalobjects.com www.eldorado.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.xtento.com cdn.xtento.com https://www.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://tag.getdrip.com https://api.getdrip.com https://www.googletagmanager.com https://ajax.cloudflare.com https://www.google-analytics.com *.eldorado.net *.avada.io www.eldorado.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com www.eldorado.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.eldorado.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io https://www.google-analytics.com/ https://get.geojs.io *.avada.io www.eldorado.net 'self' 'unsafe-inline'; child-src www.eldorado.net http: https: blob: 'self' 'unsafe-inline'; default-src www.eldorado.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com content.teachingtextbooksapp.com https://content.teachingtextbooksapp.com/magentoimages https://content.teachingtextbooksapp.com/ecom *.s3.amazonaws.com *.teachingtextbooks.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/zLD1nfkNCJC1kEswSRdSyd-p/recaptcha__en.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.teachingtextbooksapp.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com www.googletagmanager.com *.gstatic.com *.hotjar.com *.googleapis.com www.youtube.com www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-NIqKWDdHTj_EmsizGBb8Xw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com *.storyblok.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com *.multisafepay.com https://pay.google.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com cdn.doofinder.com *.equalweb.com https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.multisafepay.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com *.equalweb.com connect.facebook.net twitter.com platform.twitter.com *.multisafepay.com https://pay.google.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com maxcdn.bootstrapcdn.com *.multisafepay.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com *.equalweb.com *.multisafepay.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-0ibTfSTd3zxmMig7quFKWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WA0inoI5JfkkKHemVGuDPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-hOxn0IPb0sQAyChcQb9biA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src-elem cdn.jsdelivr.net fonts.googleapis.com *.bootstrapcdn.com www.kettner.com *.typekit.net; script-src-elem cdn.jsdelivr.net www.google.com www.googleadservices.com googleads.g.doubleclick.net *.googletagmanager.com *.gstatic.com *.google-analytics.com cdn.usersnap.com api.usersnap.com *.facebook.net www.kettner.com *.typekit.net *.saferpay.com; font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com data: online.swagger.io *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com https://www.youtube.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com online.swagger.io img.youtube.com cdn.usersnap.com cdn.jsdelivr.net www.facebook.com www.google.com www.google.at https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com jquery.sellxed.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com *.fontawesome.com polyfill.io *.usersnap.com *.gstatic.com *.payments-amazon.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.usersnap.com *.algolianet.com *.algolia.net *.amazon.com *.google-analytics.com *.loadbee.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.kettner.com 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com data: maxcdn.bootstrapcdn.com *.global-e.com *.amazonaws.com *.bootstrapcdn.com *.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.global-e.com *.google.com *.addthis.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com validate.fishpig.co.uk http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.softstarshoes.com *.global-e.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.mailchimp.com *.list-manage.com *.addthis.com *.addthisedge.com *.pinterest.com *.googletagmanager.com *.facebook.net *.google.com *.gstatic.com *.bglobale.com *.cloudflare.com chimpstatic.com *.global-e.com *.braintreegateway.com *.cloudflareinsights.com *.dwin1.com *.livechatinc.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.global-e.com *.bglobale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.addthis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-qaVMIq6OM-TD4Ti_u1pDZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uzB3cf63vjSUXjF3Dfj4DA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://*.dickson-constant.com https://fonts.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.dickson-constant.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.dickson-constant.com https://www.google.com https://www.facebook.com https://vars.hotjar.com/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.dickson-constant.com https://img.youtube.com https://www.googletagmanager.com https://www.facebook.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://platform-cdn.sharethis.com https://www.google.fr https://ad.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ jquery.sellxed.com https://*.dickson-constant.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://www.youtube.com https://maps.googleapis.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://static.hotjar.com https://script.hotjar.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.dickson-constant.com https://fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.dickson-constant.com https://www.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://maps.googleapis.com https://l.sharethis.com https://in.hotjar.com https://region1.google-analytics.com https://www.google.fr *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-hzfEzIFzNuQRBohdeOsKvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-QpLRYg6n-blObKjkr8rfoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ 'self' https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ https://higherlogicstream.s3.amazonaws.com/SITCANCER/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.google.com oppwa.com test.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com oppwa.com test.oppwa.com data:text facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de maps.googleapis.com maps.gstatic.com *.googleadservices.com *.google-analytics.com cdn.ckeditor.com oppwa.com test.oppwa.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.fbcdn.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de maps.googleapis.com cdn.ckeditor.com/ oppwa.com test.oppwa.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com/ cdn.ckeditor.com/ oppwa.com test.oppwa.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de maps.googleapis.com/ oppwa.com test.oppwa.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com ekr.zdassets.com/ www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com magento-cloudflare.jetrails.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.hotjar.com w.soundcloud.com content.hotjar.io *.doubleclick.net www.google.com open.spotify.com *.gstatic.com vc.hotjar.io corretoronlinenoticias.com.br *.googleapis.com metrics.hotjar.io www.googletagmanager.com www.youtube.com www.google.com.br analytics.google.com i.ytimg.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-kNniOyZ0-hCcf8r6bSFHyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com static.userback.io *.cylindo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.carnegiefabrics.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com www.xtento.com *.twitter.com fast.wistia.net td.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.xtento.com cdn.xtento.com *.pinterest.com *.cloudflare.com *.klarna.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.wistia.com *.elfsight.com *.elfsightcdn.com *.cylindo.com content-v2.cylindo.com *.google.com www.google.com.ua *.linkedin.com carnegiefabrics.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.xtento.com cdn.xtento.com fast.wistia.net static.userback.io *.carnegiefabrics.com *.cloudflare.com cookie-cdn.cookiepro.com *.twitter.com *.crazyegg.com *.pardot.com *.pinterest.com *.google-analytics.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com js-agent.newrelic.com bam.nr-data.net *.wistia.com *.elfsight.com *.cylindo.com snap.licdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.userback.io *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cylindo.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: *.wistia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com api.userback.io *.stackpathdns.com cookie-cdn.cookiepro.com *.crazyegg.com stats.g.doubleclick.net geolocation.onetrust.com *.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com bam.nr-data.net *.wistia.com *.elfsight.com *.litix.io *.cylindo.com content-v2.cylindo.com *.linkedin.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.carnegiefabrics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.facebook.com *.google.com *.google.com.vn https://stats.g.doubleclick.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.twitter.com *.facebook.com *.google.com *.google.com.vn https://stats.g.doubleclick.net https://connect.facebook.net https://googleads.g.doubleclick.net *.newrelic.com *.nr-data.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.facebook.com *.google.com *.google.com.vn https://stats.g.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.gstatic.com *.googleapis.com *.facebook.com *.google.com *.google.com.vn 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.google.com *.googleapis.com *.facebook.com *.google.com.vn https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://connect.facebook.net *.nr-data.net *.newrelic.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.com *.google.com *.google.com.vn 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.ip-api.com *.facebook.com *.google.com *.google.com.vn https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.typekit.net *.bomenenzo.nl *.feedbackcompany.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.bomenenzo.nl *.feedbackcompany.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://d1pna5l3xsntoj.cloudfront.net *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu *.datatrics.com *.google.nl *.google-analytics.com *.hipex.cloud *.bomenenzo.nl *.smartsuppcdn.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.feedbackcompany.com *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.convertexperiments.com *.smartsuppchat.com widget-v2.smartsuppcdn.com *.feedbackcompany.com *.datatrics.com *.bomenenzo.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com *.multisafepay.com https://pay.google.com https://widgets.trustedshops.com https://integrations.etrusted.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.typekit.net *.bomenenzo.nl downloads.mailchimp.com *.fontawesome.com *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.convertexperiments.com *.smartsuppchat.com widget-v2.smartsuppcdn.com translations.smartsuppcdn.com websocket-visitors.smartsupp.com wss://*.smartsupp.com *.feedbackcompany.com *.datatrics.com *.bomenenzo.nl *.multisafepay.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com *.bootstrapcdn.com acsbapp.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com *.stripe.com acsbapp.com *.accessibe.com *.cdn-btsg.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.godaddy.com *.authorize.net *.magentocommerce.com *.google.com *.google.ru *.google.nl *.google.be *.google.kg *.google.de *.bing.com *.acsbapp.com *.clarity.ms *.cdn-btsg.com *.google.com.eg *.zonos.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.authorize.net *.godaddy.com *.melenlab.com *.stripe.com *.bing.com acsbapp.com *.signifyd.com:* *.cardinalcommerce.com *.googleadservices.com *.google-analytics.com *.ytimg.com js.braintreegateway.comm *.klaviyo.com *.clarity.ms *.cloudflareinsights.com *.smartsites.com *.cdn-btsg.com *.zonos.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline *.googleapis.com *.bootstrapcdn.com *.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleadservices.com *.google-analytics.com *.google.analytics.com *.doubleclick.net *.melenlab.com *.google.com *.google.ru *.google.com.eg *.google.nl *.google.be *.google.kg *.klaviyo.com *.acsbapp.com *.signifyd.com:* *.signifyd.com *.clarity.ms *.smartsites.com *.cdn-btsg.com *.zonos.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp-report; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-kTmlwBl4_5Pk9LXtvC350Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'strict-dynamic' 'self' 'nonce-fxCy5KQTYDBVjw4rZUuvnA==' 'report-sample'; report-uri /gdhvb2c.onmicrosoft.com/B2C_1_signup_signin/client/cspreport?p=B2C_1_signup_signin 1
object-src 'none';base-uri 'self';script-src 'nonce-xcwr73OojSjmBwg9FcCr_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.opayo.eu.elavon.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com data: *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.opayo.eu.elavon.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.opayo.eu.elavon.com account.fetchify.com https://www.google.com www.youtube.com youtube.com player.vimeo.com wchat.freshchat.com ukpos.webpush.freshchat.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com bat.bing.com www.facebook.com www.xtento.com cdn.xtento.com *.google.com *.google.fr *.google.ie *.google.co.uk *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com *.avada.io *.google.com https://www.gstatic.com ict.infinity-tracking.net script.crazyegg.com bat.bing.com wchat.freshchat.com api.feefo.com register.feefo.com connect.facebook.net client.prod.mplat-ppcprotect.com https://s3.amazonaws.com/downloads.mailchimp.com/ www.xtento.com cdn.xtento.com *.google.fr *.google.ie *.google.co.uk *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.opayo.eu.elavon.com cc-cdn.com *.fontawesome.com wchat.freshchat.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ict.infinity-tracking.net script.crazyegg.com tracking.crazyegg.com bat.bing.com client.prod.mplat-ppcprotect.com click.prod.mplat-ppcprotect.com region1.analytics.google.com https://www.google.co.uk/ads/ data: *.google-analytics.com stats.g.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-LWqUABwiEcGbCE-X7bhQfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' https://player.vimeo.com  data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://static.queue-it.net https://assets.queue-it.net https://www.youtube.com https://player.vimeo.com https://cdn.jsdelivr.net 'nonce-RfW3njB9+FApRWkuAI7nDSDTIQQxdZkg9dsJDcn4Iak='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://vimeo.com https://cdn.jsdelivr.net; worker-src 'self' blob:;report-to https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7b365ff4e383a8c546d53da7507a6fc0&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=booker 1
object-src 'none';base-uri 'self';script-src 'nonce-U7NNhX-xxySc3AaWzjTnWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self'; child-src 'none'; object-src 'none'; script-src http: https: 'strict-dynamic' 'nonce-hPsASGCg0jbmMxKTpYBdgCTXwC/xJSRDYxGzlZltWFA='; connect-src 'self' https://vitruv.uni-tuebingen.de; worker-src blob:; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; base-uri 'self'; frame-src 'self'; 1
font-src *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com https://use.typekit.net https://fonts.gstatic.com/ https://p.typekit.net/ https://fonts.googleapis.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com https://www.rsa3dsauth.co.uk/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw https://widget.trustpilot.com/ https://consentcdn.cookiebot.com/ https://www.rsa3dsauth.co.uk/ www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afd.co.uk *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com https://media.jtatkinson.co.uk/ https://imgsct.cookiebot.com/ www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.afd.co.uk *.stripe.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widget.trustpilot.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://use.typekit.net https://fonts.gstatic.com/ https://p.typekit.net/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://apps.afd.co.uk *.stripe.com *.google.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://consentcdn.cookiebot.com https://consent.cookiebot.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * static.olark.com *.facebook.com amc.demdex.net https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.christianlight.com *.visualwebsiteoptimizer.com *.google.com *.windows.net *.facebook.com *.google.ru *.bing.com *.olark.com *.cookielaw.org *.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com dev.visualwebsiteoptimizer.com connect.facebook.net bat.bing.com cdn.roirevolution.com js.bronto.com *.olark.com ajax.googleapis.com edge1.certona.net www.res-x.com *.celebros-analytics.com js-agent.newrelic.com bam-cell.nr-data.net *.cookielaw.org *.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com use.fontawesome.com uitemplatev3stag.celebros.com static.olark.com www.christianlight.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.christianlight.com *.cookielaw.org 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.roirevolution.com *.google-analytics.com *.bronto.com *.olark.com *.doubleclick.net bam-cell.nr-data.net *.cookielaw.org *.onetrust.com *.googleapis.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.christianlight.com/; report-to report-endpoint; 1
font-src *.fontawesome.com d1w350bl4wlonm.cloudfront.net d8mmzo4dbge7k.cloudfront.net drevs12goudzk.cloudfront.net d2zjb5saaoidg0.cloudfront.net d1bj2pk3s4epo2.cloudfront.net d12kmzq5k6k6i9.cloudfront.net d3o0jgwii26u89.cloudfront.net nuk.de fonts.gstatic.com applepay.cdn-apple.com cdnjs.cloudflare.com/ *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com oppwa.com *.oppwa.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ configurator.nuk.de pay.google.com applepay.cdn-apple.com cmp.osano.com match.adsrvr.org hal9000.redintelligence.net insight.adsrvr.org ad.ad-srv.net d.c.cdnsrv.de surveymonkey.com www.surveymonkey.com secure.novalnet.de customers.barzahlen.de customers-sandbox.barzahlen.de oppwa.com *.oppwa.com data:text 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ d1w350bl4wlonm.cloudfront.net d8mmzo4dbge7k.cloudfront.net drevs12goudzk.cloudfront.net d2zjb5saaoidg0.cloudfront.net d1bj2pk3s4epo2.cloudfront.net d12kmzq5k6k6i9.cloudfront.net d3o0jgwii26u89.cloudfront.net display-stg.ugc.bazaarvoice.com network-eu-stg-a.bazaarvoice.com network-eu-a.bazaarvoice.com www.gstatic.com nuk.de cdn.pixabay.com maps.googleapis.com ad.doubleclick.net t.uimserv.net maps.gstatic.com https://api.mapbox.com oppwa.com *.oppwa.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com widget.freshworks.com m2epro.freshdesk.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ d1w350bl4wlonm.cloudfront.net d8mmzo4dbge7k.cloudfront.net drevs12goudzk.cloudfront.net d2zjb5saaoidg0.cloudfront.net d1bj2pk3s4epo2.cloudfront.net d12kmzq5k6k6i 9.cloudfront.net d3o0jgwii26u89.cloudfront.net mapagmbh.germany-2.evergage.com cdn.evgnet.com/ network-eu-stg-a.bazaarvoice.com network-eu-a.bazaarvoice.com facebook.net facebook.com etracker.com etracker.de nuk.de maps.googleapis.com cmp.osano.com newell.piwik.pro tm.ad-srv.net s.uicdn.com connect.facebook.net cdn.mookie1.com acdn.adnxs.com js.adsrvr.org r.df-srv.de d.c.cdnsrv.de widget.surveymonkey.com ajax.googleapis.com cdn.novalnet.de cdn.barzahlen.de *.oppwa.com oppwa.com *.google.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src display.ugc.bazaarvoice.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com d1w350bl4wlonm.cloudfront.net d8mmzo4dbge7k.cloudfront.net drevs12goudzk.cloudfront.net d2zjb5saaoidg0.cloudfront.net d1bj2pk3s4epo2.cloudfront.net d12kmzq5k6k6i9.cloudfront.net d3o0jgwii26u89.cloudfront.net fonts.googleapis.com nuk.de cdnjs.cloudflare.com/ oppwa.com *.oppwa.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com widget.freshworks.com m2epro.freshdesk.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ d1w350bl4wlonm.cloudfront.net d8mmzo4dbge7k.cloudfront.net drevs12goudzk.cloudfront.net d2zjb5saaoidg0.cloudfront.net d1bj2pk3s4epo2.cloudfront.net d12kmzq5k6k6i9.cloudfront.net d3o0jgwii26u89.cloudfront.net nuk.de secure.novalnet.de maps.googleapis.com newell.piwik.pro www.google.com google.com googleads.g.doubleclick.net mapagmbh.germany-2.evergage.com www.wepowerconnections.com cmp.osano.com oppwa.com *.oppwa.com autocomplete2.postdirekt.de *.google-analytics.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
block-all-mixed-content 1
object-src 'none';base-uri 'self';script-src 'nonce-MZiL-4XhAqJ9gMEy-C9W4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.cookiebot.com *.doubleclick.net js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.bing.com https://images.unsplash.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cookiebot.com *.cloudfront.net *.bing.com *.facebook.net https://polyfill-fastly.io https://browser.sentry-cdn.com *.avada.io js.mollie.com *.hsforms.net *.hsforms.com *.gstatic.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.pinterest.com *.mercadopago.com.br *.usebeon.io *.hotjar.com *.rdstation.com.br *.pinimg.com *.googleapis.com https://cdnjs.cloudflare.com *.facebook.com ws://wsp45.hotjar.com *.hotjar.io *.tiktok.com *.googlesyndication.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.rdstation.com.br *.hotjar.com *.pinimg.com *.pinterest.com *.googleapis.com https://cdnjs.cloudflare.com *.facebook.com ws://wsp45.hotjar.com *.hotjar.io *.tiktok.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com none *.mundipagg.com *.googletagmanager.com *.google.com *.google.com.br *.youtube.com *.newrelic.com *.nr-data.net *.facebook.net *.facebook.com *.pinterest.com *.mercadopago.com.br *.usebeon.io *.hotjar.com *.rdstation.com.br *.pinimg.com *.googleapis.com https://cdnjs.cloudflare.com ws://wsp45.hotjar.com *.hotjar.io *.tiktok.com *.googlesyndication.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mundipagg.com *.zopim.com *.sunset.systems *.googletagmanager.com *.google.com *.google.com.br *.performa.ai *.ebit.com.br *.tawk.to *.bizcommerce.com.br youtube.com *.doubleclick.net *.newrelic.com *.nr-data.net *.facebook.net *.facebook.com *.mercadolibre.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * *.pinterest.com *.usebeon.io *.hotjar.com *.rdstation.com.br *.pinimg.com *.googleapis.com https://cdnjs.cloudflare.com ws://wsp45.hotjar.com *.hotjar.io *.tiktok.com *.googlesyndication.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.mundipagg.com *.googleusercontent.com *.googletagmanager.com *.google.com *.google.com.br *.zopim.com *.siteblindado.com *.cloudfront.net *.cartstack.com *.cartstack.com.br *.conectiva.io conectiva.io *.conectiva.app *.sunset.systems *.tolvnow.com *.cupom.social *.akamaihd.net *.akstat.io *.performa.ai *.ebit.com.br *.tawk.to *.bizcommerce.com.br *.e-goi.com *.yourviews.com.br *.jivosite.com *.newrelic.com *.nr-data.net *.facebook.net *.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com cdn.mundipagg.com api.pagar.me www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.pinterest.com *.mercadopago.com.br *.usebeon.io *.hotjar.com *.rdstation.com.br *.pinimg.com *.googleapis.com https://cdnjs.cloudflare.com ws://wsp45.hotjar.com *.hotjar.io *.tiktok.com *.googlesyndication.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.zdassets.com *.bizcommerce.com.br *.zendesk.com *.getbutton.io *.whatshelp.io *.googletagmanager.com *.google.com *.google.com.br *.svcs.biz *.mundipagg.com *.zopim.com *.siteblindado.com *.cloudfront.net *.cartstack.com *.cartstack.com.br *.conectiva.io conectiva.io *.conectiva.app *.sunset.systems *.tolvnow.com *.tolvfaq.com *.cupom.social *.performa.ai *.ebit.com.br *.tawk.to *.go-mpulse.net *.e-goi.com *.yourviews.com.br *.jivosite.com *.facebook.net *.facebook.com *.mlstatic.com *.mercadopago.com *.pagseguro.com.br 3ds2.pagar.me 3ds2-sdx.pagar.me js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pinterest.com *.mercadopago.com.br *.usebeon.io *.hotjar.com *.rdstation.com.br *.pinimg.com *.googleapis.com https://cdnjs.cloudflare.com ws://wsp45.hotjar.com *.hotjar.io *.tiktok.com *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.tolvnow.com *.cupom.social *.googletagmanager.com *.performa.ai *.ebit.com.br *.tawk.to *.bizcommerce.com.br *.youtube.com *.e-goi.com *.yourviews.com.br *.jivosite.com *.newrelic.com *.nr-data.net *.google.com *.facebook.net *.facebook.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.pinterest.com *.mercadopago.com.br *.usebeon.io *.hotjar.com *.rdstation.com.br *.pinimg.com https://cdnjs.cloudflare.com ws://wsp45.hotjar.com *.hotjar.io *.tiktok.com *.googlesyndication.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.rdstation.com.br *.hotjar.com *.pinimg.com *.pinterest.com *.mercadopago.com.br *.googleapis.com https://cdnjs.cloudflare.com *.facebook.com ws://wsp45.hotjar.com *.hotjar.io *.tiktok.com *.googlesyndication.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.zdassets.com *.zendesk.com *.googletagmanager.com *.google.com *.google.com.br *.svcs.biz *.mundipagg.com *.zopim.com *.siteblindado.com *.tolvnow.com *.cloudfront.net *.cartstack.com *.cartstack.com.br conectiva.io *.conectiva.io *.conectiva.app *.sunset.systems *.cupom.social *.doubleclick.net *.performa.ai *.ebit.com.br *.akstat.io *.go-mpulse.net *.tawk.to *.bizcommerce.com.br *.youtube.com *.e-goi.com *.yourviews.com.br *.jivosite.com *.facebook.net *.facebook.com *.mercadopago.com *.mercadolibre.com api.mundipagg.com api.pagar.me api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.pinterest.com *.mercadopago.com.br *.usebeon.io *.hotjar.com fonts.googleapis.com fonts.gstatic.com *.rdstation.com.br *.pinimg.com *.googleapis.com https://cdnjs.cloudflare.com ws://wsp45.hotjar.com *.hotjar.io *.tiktok.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.rdstation.com.br *.hotjar.com *.pinimg.com *.pinterest.com *.mercadopago.com.br *.googleapis.com https://cdnjs.cloudflare.com *.facebook.com ws://wsp45.hotjar.com *.hotjar.io *.tiktok.com *.googlesyndication.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' www.googletagmanager.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com www.facebook.com; font-src 'self' fonts.gstatic.com; form-action 'self' *.facebook.com; frame-src 'self' https://mozbar.moz.com *.twitter.com *.facebook.com *.youtube.com; img-src 'self' blob: *.twitter.com *.facebook.com *.google-analytics.com www.googletagmanager.com data:; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'sha256-t7PRulDBsBN40urjjgytSFhjqGMYT5Kl3fdRE2ubvSE='  'sha256-vL/UzBZz8IbbPTmdNOgTwTx9iMwsGVM+gcN65JsVkDs=' 'sha256-S0XUzHZoDoB9/hx7r05o2BA44KqBY0GRS7uUeOn7m6w=' 'sha256-HKRD3wb0LE1gQr+YGmAPtJeS7e6cc/VmvLqzykg7RC4=' 'sha256-uFV0NPG/pWXptUbx5XcwBHbhPGDxz/9Y++GGxxJ9COg=' 'sha256-Hx522ue/2keAMYU+UzkDxVexE9HoQ154EbuSno7RyXo=' 'sha256-2NqnatcPqy5jjBXalTpZyJMO/0fUaYUb3ePlviUP4II=' 'sha256-3HKyJTHCclaNd/c73eY3lARVMZ5HhgL//Z4Y9iyZwS0=' 'sha256-tz5dYCqMXXIUZgYND7s9k+WMYO0xLf1k1ao2qJ4SfIg=' 'sha256-LPfty6rGPdwB3t78TnFfkcK5f0bAtVn45Lio4LNK3NI=' 'sha256-UTCVm60QfQFHVOpQI3OLoctvejHNx0+HULCqezCINhY=' 'sha256-UITiqbXyaWS7NpwiFrMIbdXAZy5EXLRUHkpylF4504k=' 'sha256-Vqqy1EC4o2NeucB3SDVgIye7XvqKdlrCBRF2Y8vEbQo=' 'sha256-KjPEOuxv7NuVC7z0lYu6dL4wI0jzM3ITmXypoty3jSw=' 'sha256-VKAaJ2oQNivaQjh0ZN2vS9EPAmX80LShK/wQBqviYk4=' 'sha256-LPfty6rGPdwB3t78TnFfkcK5f0bAtVn45Lio4LNK3NI='  'sha256-UTCVm60QfQFHVOpQI3OLoctvejHNx0+HULCqezCINhY=' 'sha256-Xj7O0zUcSSSgumEShX6kqyjYSm510v2xE+EL2bbKW9E=' 'sha256-sSOWNIawm+pckUcq4r55z6eSntM9zhX789Fk1No4c80=' 'sha256-JOWRgjcky15TFNId0Eriikp+RUe5xMIjiBWFj28khRI=' 'sha256-KjPEOuxv7NuVC7z0lYu6dL4wI0jzM3ITmXypoty3jSw=' 'sha256-Hx522ue/2keAMYU+UzkDxVexE9HoQ154EbuSno7RyXo=' 'sha256-Afstol4nLODtvjRLyF6XmhANHJHIQi+roPlGB9DC8Ho=' *.facebook.net *.twitter.com *.norton.com *.google-analytics.com *.googletagmanager.com; style-src-attr 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'sha256-VKAaJ2oQNivaQjh0ZN2vS9EPAmX80LShK/wQBqviYk4=' 'sha256-LPfty6rGPdwB3t78TnFfkcK5f0bAtVn45Lio4LNK3NI=' 'sha256-UTCVm60QfQFHVOpQI3OLoctvejHNx0+HULCqezCINhY=' 'sha256-Xj7O0zUcSSSgumEShX6kqyjYSm510v2xE+EL2bbKW9E=' 'sha256-sSOWNIawm+pckUcq4r55z6eSntM9zhX789Fk1No4c80=' 'sha256-JOWRgjcky15TFNId0Eriikp+RUe5xMIjiBWFj28khRI=' 'sha256-KjPEOuxv7NuVC7z0lYu6dL4wI0jzM3ITmXypoty3jSw=' 'sha256-VKAaJ2oQNivaQjh0ZN2vS9EPAmX80LShK/wQBqviYk4=' 'sha256-LPfty6rGPdwB3t78TnFfkcK5f0bAtVn45Lio4LNK3NI=' 'unsafe-eval'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://csp.isecurenet.in/_csp_exim 1
object-src 'none';base-uri 'self';script-src 'nonce-gVi_TaWfk_hi5BlBq_B6Ag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-iPOlHorPLYXt3Q6D-AWoQg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3a8NpJgRjdXSI_RY3SV9GA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-VdByX8bUCzF1eE42RW7m1Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DbgX_i8mHxBYhFHbSPwyaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-K21xsemfdad444DxyzhqmQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-kJkaAXWrK7HfWetY9IDRUA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-hbzCVoPKkwZu34_5W5PF2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-AIDZXRdUiIvdVxU2MW90-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-MZOLWBKGxCrrgImE581YBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; img-src 'self' data: https://cdn.shopify.com https://cdn.sweettooth.io https://alb.reddit.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://*.bing.com https://*.clarity.ms https://*.gorgias.io https://*.gorgias.chat https://services.postcodeanywhere.co.uk https://dev.poq.io/ https://productreviews-attachments.trustpilot.com https://proxy.elfsightcdn.com https://www.googletagmanager.com https://api-uploads-cdn.sweettooth.io https://dev.visualwebsiteoptimizer.com https://i.ytimg.com https://www.facebook.com https://d2bzfgi7sjutmd.cloudfront.net https://static.elfsight.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com https://s3.amazonaws.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.redditstatic.com https://cdn.rollbar.com https://polyfill.io https://*.gorgias.chat https://*.hotjar.com https://*.bing.com https://*.clarity.ms https://analytics.tiktok.com https://shy.elfsight.com https://static.elfsight.com https://cdn.sweettooth.io https://www.dwin1.com https://services.postcodeanywhere.co.uk https://dev.poq.io/ https://client-builds.production.gorgias.chat https://dev.visualwebsiteoptimizer.com https://the.sciencebehindecommerce.com https://connect.facebook.net https://websdk.appsflyer.com https://*.fontawesome.com https://*.klaviyo.com https://*.mention-me.com https://cdn.amplitude.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://services.postcodeanywhere.co.uk https://dev.poq.io https://*.typekit.net; connect-src 'self' https://storeapi.arenaflowers.com/ https://*.arenaflowers.net https://services.postcodeanywhere.co.uk https://arenaflowers.us7.list-manage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://*.gorgias.chat https://*.hotjar.com https://*.bing.com/ https://*.clarity.ms https://stats.g.doubleclick.net https://analytics.tiktok.com https://api.trustpilot.com https://api.rollbar.com https://dev.poq.io/ https://api.segment.io https://api.instacloud.io https://dev.visualwebsiteoptimizer.com https://the.sciencebehindecommerce.com https://vc.hotjar.io https://adservice.google.com https://banner.appsflyer.com https://*.klaviyo.com https://*.analytics.google.com https://*.doubleclick.net https://*.mention-me.com https://cdn.amplitude.com wss://*.gorgias.chat wss://*.hotjar.com; object-src 'none'; frame-src 'self' https://mention-me.com; report-uri https://qavfg2ndxaczvneictfzdaap2m0xlrlc.lambda-url.eu-west-1.on.aws/; 1
object-src 'none';base-uri 'self';script-src 'nonce-ru3eXFGmAF9szswE-LsrrQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jR2Y3oAskryPY80qTDL90A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-YuGfpFZJlQXcmTzDfcpZrQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-p0oZdUN_MpulVwX2FkZWRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dWxWxJf30Khndgo2FIJLQA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report.php 1
object-src 'none';base-uri 'self';script-src 'nonce-1nzW23LXw_bqQ-a0Q1rjDg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' www.gstatic.com/recaptcha/ www.google.com/recaptcha/ maps.googleapis.com/ www.google-analytics.com/ www.googletagmanager.com/ connect.facebook.net/ use.typekit.net/ marathonconsulting.atlassian.net/ cdnjs.cloudflare.com/ static.cloudflareinsights.com/ 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-SYy5hngY9HG74Ffb/crqF3n52/EY56bO4u5ew7MBO4w=' 'sha256-2Q9/SDqwDw5Q3jaRghcn1wqijWzMgTqP4L5gyqDFHd0=' 'sha256-URPiwn8Er8uYHjRhabJmI8/K7dHfrfQ/TRkjfdQzFvY=' 'sha256-pmWc3AFRwbddJfIry4j/c1L2XpSAfVQuTnUUrRhMue4=' 'sha256-Dw3S3J3nKsx33BDs0508C/mMK95U1QIrEsSPxTyBoUk=' 'sha256-aDwuswAbypEOUBqCCcn5ZRHxNGtuADmo8gXGWhpjzwM=' 'sha256-DkIjMxisP/Kf+s71opRBSrykOKxr4pOtUa2vAvbUjo8=' 'nonce-aEhLCjoh3r4UVzF/ZJnOBkJhyRhG73Hw21MM4K+rIA4='; report-uri /csp-violations 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.flagman.kiev.ua www.googletagmanager.com www.google-analytics.com yandex.st mc.yandex.ru clck.yandex.ru api-maps.yandex.ru geocode-maps.yandex.ru *.multichannel.demo.owox.com *.retailrocket.ru *.retailrocket.net *.retailrocket.de *.retailrocket.nl *.retailrocket.es *.retailrocket.cl; default-src 'self' fonts.gstatic.com *.flagman.kiev.ua; frame-src *.flagman.kiev.ua vkontakte.ru yastatic.net www.facebook.com vk.com; img-src *.flagman.kiev.ua data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 nullpoint.owox.com *.multichannel.demo.owox.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com *.flagman.kiev.ua; connect-src 'self' mc.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193; object-src 'self' www.youtube.com fonts.gstatic.com *.flagman.kiev.ua; 1
block-all-mixed-content; upgrade-insecure-requests; sandbox allow-forms allow-modals allow-orientation-lock allow-presentation allow-same-origin allow-scripts allow-top-navigation-by-user-activation; script-src 'self' 'report-sample' 'strict-dynamic'; frame-ancestors 'self'; frame-src 'self' mailto: tel:; script-src-elem 'self' 'report-sample' 'strict-dynamic'; style-src-elem 'self' 'report-sample'; base-uri 'self'; default-src 'none'; form-action 'self'; media-src 'self'; font-src 'self'; img-src 'self'; style-src 'self' 'report-sample'; report-uri /.well-known/csp/f027b667-5e0e-4623-8474-05468b21cc98 1
object-src 'none';base-uri 'self';script-src 'nonce-bHTx0ZfqAq1Lwvi7fvc2Xw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-P3BHpBksW3N2HS2rbLXHDg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-UBGEd0qUGYoTSMdbTJ9q1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests;  script-src 'self' googleads.g.doubleclick.net stats.g.doubleclick.net ws-na.assoc-amazon.com www.amazon.com rcm.amazon.com www.google.com apis.google.com cse.google.com www.google-analytics.com www.googletagmanager.com partner.googleadservices.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com; frame-src googleads.g.doubleclick.net stats.g.doubleclick.net ws-na.assoc-amazon.com www.amazon.com rcm.amazon.com www.google.com apis.google.com cse.google.com www.google-analytics.com www.googletagmanager.com partner.googleadservices.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com;   object-src 'self'; form-action 'none'; frame-ancestors 'none'; report-uri https://c408453ef55b803114646d679c50ef77.report-uri.com/r/d/csp/reportOnly; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com www.facebook.com platform.twitter.com *.reviews.io *.reviews.co.uk *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.facebook.com https://maps.gstatic.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com apis.google.com *.paylike.io *.googletagmanager.com *.facebook.net https://maps.googleapis.com connect.facebook.net twitter.com platform.twitter.com *.reviews.io *.reviews.co.uk *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.ideal-postcodes.co.uk *.paylike.io *.google-analytics.com https://maps.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.cloudflare.com *.paypal.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-F1tRR4bi0RsnCRmNr06msw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' https://cdn.jsdelivr.net https://platform.twitter.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
fonts-src https://fonts.gstatic.com; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.adyen.com *.weltpixel.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.clarity.ms *.smartsuppcdn.com maps.googleapis.com maps.gstatic.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.google-analytics.com *.nosto.com *.doofinder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; script-src code.jquery.com cdnjs.cloudflare.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googletagmanager.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.adyen.com https://www.googletagmanager.com tagmanager.google.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.youtube.com *.pinimg.com *.nosto.com *.doofinder.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com camo.githubusercontent.com *.adyen.com *.gstatic.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com data: 'self' 'unsafe-inline'; font-src fonts.gstatic.com data: maxcdn.bootstrapcdn.com *.azureedge.net *.doofinder.com data: 'self' 'unsafe-inline'; style-src fonts.googleapis.com maxcdn.bootstrapcdn.com *.adobe.com tagmanager.google.com *.photoslurp.com *.nosto.com *.doofinder.com *.klaviyo.com 'self' 'unsafe-inline'; 1
script-src  'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.zoho.com https://*.zoho.in https://*.zoho.com.au https://*.zoho.com.cn https://*.zoho.eu https://*.zohocdn.com https://*.stratuscdn.com  https://*.zohocdn.com.cn  https://*.zappsusercontent.com https://*.zappsusercontent.eu https://*.zappsusercontent.in https://*.zappsusercontent.com.au https://*.zappsusercontent.com.cn https://*.localzappscontents.com https://*.zohostatic.com https://*.zohostatic.jp  https://js.skydeskstatic.jp https://*.zoho.com https://media.twiliocdn.com/sdk/js/client/releases/1.7.7/twilio.min.js https://media.twiliocdn.com/sdk/js/client/v1.7/twilio.min.js https://cdn.pagesense.io https://s.ytimg.com/yts/jsbin/ https://ssl.google-analytics.com/ga.js https://www.youtube.com/iframe_api https://dyjgaef5vuq51.cloudfront.net https://dtzpfzv31buvf.cloudfront.net https://d22czkv2r5ogmg.cloudfront.net https://d12h6dzwzn4m10.cloudfront.net https://d17nz991552y2g.cloudfront.net  chrome-extension://*  https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/  https://cdn.pagesense.io https://zohotagmanager.cdn.pagesense.io https://www.zohowebstatic.com/ https://scripts.zohospotlight.com https://widgets.zohosalesiq.com https://js.stripe.com https://connect.facebook.net; report-uri https://logsapi.zoho.com/csplog?service=crm 1
object-src 'none';base-uri 'self';script-src 'nonce-OsG45QjdH-_PeRK2FfLtbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es facebook.com www.facebook.com *.kxcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es scontent.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.kxcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-HzNKfMYsgUimFB32cZ0FPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-PBu6QHUbic20OcOBmRwY7Q' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-T6B01suXWOLJMOGoEZFovg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zPTN4YUqkcY0uhXwRIh_cA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.bootstrapcdn.com data: maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es test.saferpay.com www.saferpay.com saferpay.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com platform.twitter.com test.saferpay.com www.saferpay.com saferpay.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net test.saferpay.com www.saferpay.com saferpay.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.fontawesome.com s7.addthis.com *.avada.io connect.facebook.net twitter.com platform.twitter.com test.saferpay.com www.saferpay.com saferpay.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://www.sandbox.paypal.com https://www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com ekr.zdassets.com/ test.saferpay.com www.saferpay.com saferpay.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-87urEBOkh84dz-Tbt3fwZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.bglobale.com *.global-e.com *.fontawesome.com fonts.googleapis.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.getalma.eu *.bglobale.com *.global-e.com *.google.com/ *.addthis.com consentcdn.cookiebot.com *.pinterest.com *.doubleclick.net *.onestock-retail.com/ payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bglobale.com *.global-e.com https://www.magezon.com openstreetmap.org maps.googleapis.com maps.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.bglobale.com *.global-e.com *.google.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com *.gstatic.com *.addthisedge.com *.moatads.com *.addthis.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.bglobale.com *.global-e.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.getalma.eu t.elasticsuite.io *.google-analytics.com *.addthis.com maps.googleapis.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.easyship.com td.doubleclick.net www.recaptcha.net *.linkedin.com storage.googleapis.com *.sentry.io *.hubspot.com analytics.google.com bat.bing.com;manifest-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net js.stripe.com www.google-analytics.com browser.sentry-cdn.com js.sentry-cdn.com www.googletagmanager.com cdn-cookieyes.com snap.licdn.com bat.bing.com js.hs-scripts.com d.impactradius-event.com js.usemessages.com js.hs-banner.com js.hsleadflows.net js.hs-analytics.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.google.com;font-src 'self' data: fonts.gstatic.com fonts.gstatic.cn fonts.googleapis.com fonts.google.com js.stripe.com 1
font-src fonts.gstatic.com *.googleapis.com https://*.gstatic.com data: *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://v2.zopim.com *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com https://widget.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com https://belco-prod.s3-eu-central-1.amazonaws.com https://static.buckaroo.nl https://cdn.clerk.io https://v2assets.zopim.io https://v2.zopim.com https://www.google.com https://www.google.rs https://www.google.nl https://www.google.pl https://www.google.uk https://www.google.de https://www.magezon.com assets.myparcel.nl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com https://cdn.belco.io https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://api.clerk.io https://cdn.clerk.io https://devdocs.magento.com https://magento.com https://v2.zopim.com https://static.zdassets.com https://amcglobal.sc.omtrdc.net https://static.hotjar.com http://custom.clerk.io http://widgets.trustedshops.com https://widgets.trustedshops.com http://widgets-qa.trustedshops.com https://widgets-qa.trustedshops.com http://static-app.connect-qa.trustedshops.com https://static-app.connect-qa.trustedshops.com http://integrations.etrusted.com https://integrations.etrusted.com cdnjs.cloudflare.com cdn.jsdelivr.net https://integrations.etrusted.site https://static-app.connect.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://*.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://api.clerk.io https://cdn.clerk.io *.fontawesome.com cdn.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://stats.g.doubleclick.net *.googlesyndication.com wss://chat.belco.io https://cdn.belco.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://ekr.zendesk.com/ https://devdocs.magento.com wss://widget-mediator.zopim.com https://ekr.zdassets.com api.myparcel.nl cdn.jsdelivr.net *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-XSGyQLQymQByMiRx8Wmavw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://h.online-metrix.net https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ cdn.mundipagg.com api.pagar.me 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.mundipagg.com api.pagar.me t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.icomoon.io *.wisepops.com *.wisepops.net *.feefo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com *.google.com www.googletagmanager.com account.fetchify.com *.cookiebot.com *.facebook.com *.doubleclick.net *.feefo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.google.co.uk *.google.com pay.google.com *.googlesyndication.com *.google.im *.google.pt *.google.nl *.google.it *.google.de *.google.cz *.google.ie *.google.ca *.google.ro *.google.fr *.google.cl *.google.no *.google.co.tz *.google.se *.google.be *.google.pl *.google.es *.google.com.au *.google.com.mt *.google.com.om *.google.co.in *.wisepops.com *.wisepops.net dx4nr741tfc02.cloudfront.net *.bing.com *.clarity.ms yotpo-editor-production.s3.amazonaws.com *.facebook.com *.cdn-cookieyes.com cdn-cookieyes.com *.linkedin.com *.licdn.com *.doubleclick.net *.feefo.com *.typekit.net *.zendesk.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ *.google.com *.hotjar.io *.hotjar.com *.wisepops.com *.wisepops.net wisepops.net *.zdassets.com *.bing.com *.clarity.ms cc-cdn.com *.google.co.uk pay.google.com *.googlesyndication.com gstatic.com *.gstatic.com *.zopim.com *.cdn-cookieyes.com cdn-cookieyes.com *.doubleclick.net *.linkedin.com *.licdn.com *.facebook.com *.feefo.com *.typekit.net *.zendesk.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.wisepops.com *.wisepops.net *.icomoon.io *.klaviyo.com pay.google.com *.feefo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com *.wisepops.com *.wisepops.net *.reviews.co.uk *.amazonaws.com/reviewscouk/ *.feefo.com *.typekit.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.wisepops.com wisepops.net *.zdassets.com wss://widget-mediator.zopim.com *.bing.com *.clarity.ms pay.google.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.wisepops.net *.cookieyes.com *.cdn-cookieyes.com cdn-cookieyes.com *.doubleclick.net *.linkedin.com *.licdn.com *.facebook.com *.google.co.uk *.google.com *.googlesyndication.com *.google-analytics.com *.sentry.io *.datadome.co *.feefo.com *.typekit.net *.zendesk.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://57fb3f2f5ef500b7b7a54b5130b4fded.report-uri.com/r/t/csp/wizard 1
report-uri https://cspevents.azurewebsites.net/api/collect;default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.scope.ne.jp *.pay.jp stscopestatics001.blob.core.windows.net scope-files.s3.amazonaws.com *.rakuten.co.jp ui.customsearch.ai hosteduxprod.blob.core.windows.net cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com analytics.google.com *.analytics.google.com www.google.co.jp www.google.com www.gstatic.com func-bbs-scope-stage-japaneast.azurewebsites.net func-bbs-scope-prod-japaneast.azurewebsites.net *.youtube.com yt.ggpht.com *.gstatic.com i.ytimg.com static.doubleclick.net stats.g.doubleclick.net www.facebook.com connect.facebook.net player.vimeo.com td.doubleclick.net js-agent.newrelic.com bam.nr-data.net 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' *.intuit.com intuit.com *.quickbooks.com quickbooks.com *.square.com square.com *.squareupstaging.com squareupstaging.com *.squareup.com squareup.com *.bambee.com bambee.com *.gusto.com gusto.com *.netsuite.com netsuite.com *.dripos.com dripos.com *.enkempass.com enkempass.com *.miter.com miter.com *.eddy.com eddy.com *.housecallpro.com housecallpro.com *.monograph.com monograph.com *.joinwarp.com joinwarp.com *.central.inc central.inc *.7shifts.com 7shifts.com *.belfrysoftware.com belfrysoftware.com *.plane.com plane.com *.tryplayground.com tryplayground.com *.getthera.com getthera.com *.keka.com *.kekad.com *.kekauat.com *.kekastage.com *.kekademo.com *.lumberfi.com lumberfi.com *.checkhq.com checkhq.com; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://simplyinsured.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self'; report-uri https://www.promomaggi.com.br/report-uri/reportOnly 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://fareharbor.com www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://fareharbor.com *.chimpstatic.com *.googleapis.com *.google.com *.gstatic.com *.authorize.net www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.matomo.cloud https://googleads.g.doubleclick.net https://connect.facebook.net https://az416426.vo.msecnd.net https://www.googleadservices.com https://www.googletagmanager.com https://static-resource.com https://cdn-javascript.net https://tpc.googlesyndication.com https://www.google.com https://tagmanager.google.com https://translate.googleapis.com https://translate.google.com https://u-verdier-test.byggforsk.no https://u-verdier-beta.byggforsk.no https://u-verdier.byggforsk.no https://matomojs.trackify.info https://www.youtube.com https://cdn.cookie-script.com https://apps.byggforsk.no https://apps-test.byggforsk.no https://apps-beta.byggforsk.no https://www.youtube.com https://bat.bing.com https://cdn.cookie-script.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com https://u-verdier-test.byggforsk.no https://u-verdier-beta.byggforsk.no https://u-verdier.byggforsk.no https://cdn.jsdelivr.net;img-src 'self' https: data: https://www.facebook.com;frame-src https://www.youtube.com https://www.facebook.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com;connect-src 'self' https://*.google-analytics.com https://dc.services.visualstudio.com https://www.facebook.com https://connect.facebook.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net/j/collect https://www.google.com https://www.bing.com https://no.api4load.com https://data.brreg.no https://adservice.google.com https://api.bring.com https://translate.google.com https://u-verdier-test.byggforsk.no https://u-verdier-beta.byggforsk.no https://u-verdier.byggforsk.no https://sintef.matomo.cloud/matomo.php https://fonts.googleapis.com https://ewrkoyhc.api.sanity.io https://admin.kotobee.com https://consent.cookie-script.com https://bat.bing.com;report-uri https://byggforsk.report-uri.com/r/d/csp/reportOnly 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck.de/csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
object-src 'none';base-uri 'self';script-src 'nonce-7ECcDBm17OnZLOhK2ELZGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: p.typekit.net *.hubspot.com *.onetrust.com *.linkedin.com *.twitter.com cdn.jsdelivr.net bat.bing.com www.googletagmanager.com t.trackedlink.net www.google.com ok.ess-sims.co.uk *.googleapis.com cdn.cookielaw.org *.gstatic.com t.co static.oktopost.com www.google.co.uk *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
block-all-mixed-content;   default-src 'self' ;   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://cdn-ukwest.onetrust.com/ https://www.googletagmanager.com/ https://letalliance.api.oneall.com/ https://ajax.googleapis.com/ https://s.adroll.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://pi.pardot.com/ https://d.adroll.com/ https://lettingagents.letalliance.co.uk/;    connect-src 'self' https://region1.analytics.google.com/ https://cdn-ukwest.onetrust.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/;    img-src 'self' data: https://cdn-ukwest.onetrust.com/ https://www.google-analytics.com/ https://x.adroll.com/ https://www.facebook.com/ https://x.bidswitch.net/ https://dsum-sec.casalemedia.com/ https://pixel.rubiconproject.com/ https://us-u.openx.net/ https://sync.outbrain.com/ https://image2.pubmatic.com/  https://ups.analytics.yahoo.com/ https://sync.taboola.com/ https://eb2.3lift.com/ https://ib.adnxs.com/ https://www.google.co.uk/ https://d.adroll.com/  https://www.googletagmanager.com/ https://www.google.com/;     style-src 'self' 'unsafe-inline';    font-src 'self' data:; frame-src 'self' https://x.adroll.com/ https://td.doubleclick.net/ ;    frame-ancestors 'self';    form-action 'self'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-8c57b3a0ce89428381327ef60a7b5da7' https://mychart.piedmont.org 'self';img-src https://* 'self' blob: data:;style-src https://mychart.piedmont.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.opayo.eu.elavon.com *.klarnacdn.net https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.cloudflare.com *.myfonts.net *.googleapis.com *.bootstrapcdn.com pagead2.googlesyndication.com *.cookiebot.com *.clarity.ms *.trustpilot.com  klarna.com t.paypal.com *.salesfire.co.uk *.tiktok.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com *.klarnaservices.com *.klarna.com *.craftyclicks.co.uk craftyclicks.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.opayo.eu.elavon.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.klarna.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.addthis.com *.hotjar.com *.facebook.com *.zopim.com *.zdassets.com *.vimeo.com pagead2.googlesyndication.com *.cookiebot.com *.clarity.ms *.trustpilot.com  klarna.com t.paypal.com *.salesfire.co.uk *.tiktok.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com *.klarnaservices.com *.craftyclicks.co.uk craftyclicks.co.uk *.trustpilot.com *.weltpixel.com *.fetchify.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net data: *.paypal.com *.typekit.net *.gstatic.com *.trackedlink.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.cloudflare.com *.google.co.uk *.google.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.bing.com *.cdninstagram.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.facebook.net *.magentocommerce.com pagead2.googlesyndication.com *.cookiebot.com *.clarity.ms *.trustpilot.com mcstaging.hiatt-hardware.com hiatt-hardware.com www.hiatt-hardware.com *.cookieyes.com klarna.com *.salesfire.co.uk cdn-cookieyes.com *.tiktok.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com *.klarnaservices.com *.craftyclicks.co.uk craftyclicks.co.uk data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-datasolutions.com *.magento-ds.com *.typekit.net google.com *.google.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.opayo.eu.elavon.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.fontawesome.com *.bing.com *.doubleclick.net *.instagram.com *.addthis.com *.addthisedge.com *.moatads.com *.facebook.com *.facebook.net *.hotjar.com *.pcapredict.com chimpstatic.com *.wisepops.com *.postcodeanywhere.co.uk *.googleapis.com *.feefo.com *.trustpilot.com pagead2.googlesyndication.com *.cookiebot.com *.clarity.ms *.trustpilot.com  analytics.tiktok.com *.salesfire.co.uk smct.co lantern.roeyecdn.com brandswaptag.azureedge.net *.cookieyes.com klarna.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com paypal-eu-cdn.cloudiq.com js-agent.newrelic.com sandbox.opayo.eu.elavon.com opayo.eu.elavon.com cdn-cookieyes.com ob.esnchocco.com buttons-config.sharethis.com static.zdassets.com count-server.sharethis.com js.smct.io *.tiktok.com *.craftyclicks.co.uk craftyclicks.co.uk https://www.googletagmanager.com tagmanager.google.com *.fetchify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.magento-datasolutions.com *.magento-ds.com *.opayo.eu.elavon.com *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.myfonts.net *.typekit.net *.bootstrapcdn.com *.postcodeanywhere.co.uk pagead2.googlesyndication.com *.cookiebot.com *.clarity.ms *.trustpilot.com  *.cookieyes.com klarna.com t.paypal.com *.salesfire.co.uk *.tiktok.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com *.klarnaservices.com *.klarna.com *.craftyclicks.co.uk craftyclicks.co.uk *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n.adobe.io *.adobedc.net *.demdex.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.paypal.com google.com *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://the.sciencebehindecommerce.com *.opayo.eu.elavon.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.cloudflare.com *.addthis.com *.google-analytics.com *.googleapis.com *.wisepops.com *.instagram.com *.chimpstatic.com *.pinimg.com *.postcodeanywhere.co.uk pagead2.googlesyndication.com *.cookiebot.com *.clarity.ms *.trustpilot.com  live.smartmetrics.co.uk analytics.tiktok.com tagapi.brandswap.com hit.salesfire.co.uk *.cookieyes.com klarna.com t.paypal.com *.salesfire.co.uk l.sharethis.com obs.esnchocco.com firehose.eu-west-1.amazonaws.com cdn-cookieyes.com bam.nr-data.net *.nr-data.net *.tiktok.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com *.craftyclicks.co.uk craftyclicks.co.uk *.facebook.net 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-0cwWK6CaUEbf4OddXh5u9Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: code.jquery.com www.googletagmanager.com cdnjs.cloudflare.com *.gstatic.com tag.aticdn.net www.google.com *.onetrust.com cdn.cookielaw.org logs1412.xiti.com *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-TD6cZtiR2ESdtEwZ0zHiUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self' http: https:; font-src 'self' https: data:; img-src 'self' http: https: data: blob:; object-src 'none'; connect-src 'self' wss: http: https:; script-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: http: 'unsafe-inline'; worker-src blob:; report-uri https://hlidacky.report-uri.com/r/d/csp/reportOnly 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bannerflow.net *.lampenwelt.de *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://cdn.consentmanager.net https://delivery.consentmanager.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com challenges.cloudflare.com https://www.recaptcha.net/recaptcha/ *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.adyen.com *.brsrvr.com *.bloomreach.cloud https://cdn.consentmanager.net https://delivery.consentmanager.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu lw-cdn.com *.adingo.jp *.adnxs.com *.aralego.com *.bing.com *.bidswitch.net *.bluekai.com *.casalemedia.com *.clmbtech.com *.contentsquare.net *.consentmanager.net *.criteo.com *.dable.io *.doubleclick.net *.google.com *.googleapis.com *.lampenwelt.de *.linkedin.com *.media.net *.outbrain.com *.pubmatic.com *.rlcdn.com *.roeyecdn.com *.rubiconproject.com *.smaato.net *.smartadserver.com *.socdm.com *.stickyadstv.com *.taboola.com *.teads.tv *.unrulymedia.com *.yahoo.com *.yieldmo.com *.1rx.io *.3lift.com *.360yield.com *.mycliplister.com https://mycliplister.com *.storyblok.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com collector.sst.lampen24.be data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.brcdn.com https://cdn.consentmanager.net https://delivery.consentmanager.net secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io challenges.cloudflare.com https://www.recaptcha.net/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.aticdn.net *.bing.com *.criteo.com *.contentsquare.net https://delivery *.doubleclick.net *.dwin1.com *.facebook.net *.hello-charles.com *.kk-resources.com *.lampenwelt.de *.licdn.com *.pinimg.com *.pinterest.com *.roeyecdn.com *.salesforceliveagent.com *.scarabresearch.com *.force.com *.tiktok.com https://mycliplister.com *.kameleoon.eu https://js-agent.newrelic.com *.storyblok.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.trustpilot.com collector.sst.lampen24.be 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com d.ratepay.com d.payla.io dr.payla.io *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.force.com *.storyblok.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://mycliplister.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.dxpapi.com https://cdn.consentmanager.net https://delivery.consentmanager.net payments.amazon.de d.ratepay.com jsctool.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.contentsquare.net *.criteo.com *.doubleclick.net *.googleadservices.com *.hello-charles.com *.lampenwelt.de *.linkedin.com *.pa-cd.com *.pinterest.com *.tiktok.com *.wepowerconnections.com *.xiti.com https://mycliplister.com *.kameleoon.io https://bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.trustpilot.com collector.sst.lampen24.be 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-collector.magento.lampenwelt.tech; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' minhacasasolar.com.br *.minhacasasolar.com.br minhacasasolar.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net *.minhacasasolar.com.br *.ecommercegateway.com.br *.itau.com *.itau.com.br *.itaushopline.com.br *.itaushopline.com *.clearsale.com.br *.criteo.net *.shoptarget.com.br app.shoptarget.com.br *.onesignal.com *.trustvox.com.br *.ip.sb *.alphassl.com *.ecommercemail.com.br rawgit.com *.jivosite.com *.criteo.com *.googleadservices.com *.masterpass.com *.amazonaws.com *.gstatic.com *.dc.linximpulse.net *.g.doubleclick.net cdnjs.cloudflare.com checkout.minhacasasolar.com.br masterpass.com apis.google.com cdn.onesignal.com rate.trustvox.com.br sslwidget.criteo.com integration-healthy.dc.linximpulse.net *.mundipaggone.com *.linximpulse.net *.fbits.net poscompra.shopconvert.com.br *.shopconvert.com.br static.shopback.net *.ckies.net *.shopback.net cdn.jsdelivr.net ajax.googleapis.com *.retargeter.com.br trustvox.com.br events.chaordicsystems.com *.chaordicsystems.com click.retargeter.com.br onesignal.com wss://chat-ca.jivosite.com ckies.net google.com *.google.com *.facebook.net certificate.trustvox.com.br api-ads.percycle.com wss://node224.jivosite.com *.googlesyndication.com *.google-analytics.com connect.facebook.net recursos.minhacasasolar.com.br recursos.ecommercegateway.com.br k-analytix.com *.k-analytix.com i.konduto.com ssl.google-analytics.com *.facebook.com facebook.com *.yapay.com.br *.traycheckout.com.br cdn.bitrix24.com *.bitrix24.com googletagmanager.com *.googletagmanager.com gm.fbits.net suite.linximpulse.net collect.chaordicsystems.com api.shopback.net gum.criteo.com wss://rtc-v2-us1.bitrix24.com google-analytics.com static.trustvox.com.br *.sun21.com.br *.mundipagg.com *.smarthint.co *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.shoppush.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com *.bitrix24.site signalrcore.fbits.net wss://signalrcore.fbits.net .crazyegg.com *.crazyegg.com *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com gstatic.com *.pagar.me *.mundipagg.com *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com *.pagseguro.com.br *.*.pagseguro.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.minhacasasolar.com.br minhacasasolar.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com use.typekit.net *.hotjar.com www.portoplus.com.br wss://127.0.0.1:5950 *.online-metrix.net *.azure-api.net wss://127.0.0.1:5279 metrics.hotjar.io wss://127.0.0.1:5903 meuportossomiddlewareprd.azurewebsites.net p.typekit.net wss://127.0.0.1:7070 wss://127.0.0.1:5939 wss://127.0.0.1:2112 *.portoseguro.com.br *.facebook.com api.ipify.org www.google-analytics.com portoplus.webpremios.digital *.onetrust.com wss://127.0.0.1:63333 wss://127.0.0.1:5901 wss://127.0.0.1:5938 wss://127.0.0.1:5902 wss://127.0.0.1:6040 www.google.com *.facebook.net *.googleapis.com wss://127.0.0.1:3389 a-static.mlcdn.com.br wss://127.0.0.1:5900 wss://127.0.0.1:5944 wss://127.0.0.1:6039 www.googletagmanager.com globalsiteanalytics.com wss://127.0.0.1:5931 vc.hotjar.io *.windows.net *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src https://*.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.pcapredict.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.googletagmanager.com/ *.nosto.com *.nos.to *.pcapredict.com https://www.google.com *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.trackedlink.net *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.nosto.com *.nos.to *.visualwebsiteoptimizer.com *.pcapredict.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.nosto.com *.nos.to *.visualwebsiteoptimizer.com *.pcapredict.com https://www.google.com https://www.gstatic.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.nosto.com *.nos.to *.pcapredict.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.nosto.com *.nos.to *.pcapredict.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-7FMX8VF8NNGZ8v-v61vJFA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://cdn.userway.org https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://use.typekit.net https://p.typekit.net https://cdn.userway.org; img-src 'self' data: https://imgsct.cookiebot.com/ https://cdn.userway.org/; font-src 'self' data: https://use.typekit.net https://p.typekit.net; frame-src 'self' https://www.youtube.com https://consentcdn.cookiebot.com https://cdn.userway.org; connect-src 'self' https://api.userway.org https://consentcdn.cookiebot.com; worker-src 'self'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; require-trusted-types-for 'script'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.typekit.net maxcdn.bootstrapcdn.com data: https://cdn.honey.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.verify.monzo.com https://*.arcot.com *.hsforms.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://*.demdex.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com https://*.doubleclick.net *.google.com/ https://*.hotjar.com *.addthis.com https://*.paypal.com https://*.braintreegateway.com *.kaptcha.com *.cardinalcommerce.com *.doubleclick.net *.verify.monzo.com https://secure.livechatinc.com https://tpc.googlesyndication.com *.hsforms.net https://*.channelcentral.net https://*.arcot.com *.hsforms.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com https://*.omtrdc.net dpm.demdex.net https://cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com *.adyen.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.doubleclick.net *.google.com https://*.google.co.uk https://*.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com https://www.magezon.com *.google.co.in *.googletagmanager.com *.techbuyer.com *.techbuydev1.dev.iwebcloud.co.uk https://api.feefo.com *.vzaar.com https://techbuyer.gumlet.io https://bat.bing.com https://t.co https://*.hsforms.com https://track.hubspot.com https://consent.linksynergy.com https://consent.nxtck.com https://consent.mediaforge.com https://consent.jrs5.com https://consent.dc-storm.com https://www.googletagmanager.com https://www.google.fr https://www.google.com.eg https://www.google.de https://www.google.com.my https://www.google.co.id https://www.google.com.au https://www.google.co.nz https://www.google.ie https://www.google.ch https://www.google.at https://www.google.nl https://www.google.es https://www.google.com.ua https://www.google.com.tr https://www.google.com.tw https://www.google.tn https://www.google.co.in https://www.google.com.pk https://www.google.com.ng https://www.google.co.jp https://www.google.be https://www.google.co.mz https://www.google.ca https://www.google.com.vn https://www.google.com.hk https://www.google.ro https://www.google.it https://www.google.hr https://www.google.pl https://www.google.co.kr https://www.google.com.ph https://www.google.co.ke https://i.ytimg.com https://cdn.honey.io https://*.livechatinc.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-datasolutions.com *.magento-ds.com *.typekit.net google.com *.google.com *.adyen.com https://connect.facebook.net connect.facebook.net graph.facebook.com business.facebook.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com *.google.com/ https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.moatads.com *.addthis.com *.facebook.net *.google-analytics.com *.addthisedge.com *.paypal.com *.cardinalcommerce.com *.doubleclick.net *.zdassets.com *.hoolah.co *.nmgassets.com https://*.feefo.com *.cookiefirst.com *.verify.monzo.com https://*.wisepops.com *.hsforms.com https://*.ads-twitter.com https://bat.bing.com https://secure.feed5mown.com https://o2.mouseflow.com https://cdn.mouseflow.com https://*.livechatinc.com https://cdn.oribi.io https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://assets.revlifter.io https://analytics.twitter.com https://*.nofraud.com https://d-ipv6.mmapiws.com *.hsforms.net https://js.hs-scripts.com https://cdn.noibu.com https://cdn.raygun.io https://*.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://*.googleapis.com https://*.typekit.net https://static.klaviyo.com maxcdn.bootstrapcdn.com *.cookiefirst.com *.verify.monzo.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.feefo.com *.vzaar.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net https://*.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io amcglobal.sc.omtrdc.net p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.paypal.com google.com *.google.com *.adyen.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ *.google-analytics.com https://stats.g.doubleclick.net *.addthis.com *.braintree-api.com *.amazonaws.com https://*.braintreegateway.com *.cardinalcommerce.com *.nmgplatform.com https://*.feefo.com *.cookiefirst.com *.verify.monzo.com https://o2.mouseflow.com https://www.google-analytics.com *.hsforms.com https://*.livechatinc.com https://bat.bing.com https://adservice.google.com https://www.google.com https://*.demdex.net https://*.mmapiws.com https://forms.hubspot.com https://input.noibu.com wss://input.noibu.com https://analytics.google.com https://api.raygun.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.zizel.gr *.fontawesome.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardlink.gr *.alphaecommerce.gr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: https://go.linkwi.se https://player.vimeo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://flagcdn.com data: www.apptrian.com www.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.zizel.gr *.findbar.io *.facebook.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.zizel.gr https://go.linkwi.se https://assets.zizel.gr *.findbar.io *.googletagmanager.com *.facebook.net *.avada.io https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.zizel.gr *.findbar.io *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.zizel.gr *.findbar.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org www.apptrian.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.zizel.gr artserver.gr *.findbar.io *.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-3d05fe85d2c9484fb7fb9a840f4ad767' https://Health-Hub.org.au 'self';img-src https://* 'self' blob: data:;style-src https://Health-Hub.org.au 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
img-src https://higherlogicdownload.s3.amazonaws.com/ILTANET/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ILTANET/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/ILTANET/ https://d132x6oi8ychic.cloudfront.net 'self' https://aws.predictiveresponse.net https://aws.predictiveresponse.net https://px.ads.linkedin.com https://aws.predictiveresponse.net https://px.ads.linkedin.com https://cdn.userway.org https://aws.predictiveresponse.net https://px.ads.linkedin.com https://cdn.userway.org https://d3uf7shreuzboy.cloudfront.net/ https://cdnjs.cloudflare.com https://px4.ads.linkedin.com; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ILTANET/ https://higherlogicdownload.s3.amazonaws.com/ILTANET/ https://higherlogiclongterm.s3.amazonaws.com/ILTANET/ 'self' https://cdnjs.cloudflare.com; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/ILTANET/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ILTANET/ 'self' https://higherlogiclongterm.s3.amazonaws.com/ILTANET/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data: https://ka-f.fontawesome.com/ https://ka-f.fontawesome.com/ https://ilta.legaltechnologyhub.com/ https://cdn.userway.org/; media-src https://higherlogiclongterm.s3.amazonaws.com/ILTANET/ https://higherlogicdownload.s3.amazonaws.com/ILTANET/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ILTANET/ https://higherlogicstream.s3.amazonaws.com/ILTANET/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/ILTANET/ https://higherlogicdownload.s3.amazonaws.com/ILTANET/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ILTANET/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline' https://ilta.legaltechnologyhub.com/ https://cdn.userway.org/ d214eakhb4e2xn.cloudfront.net https://d214eakhb4e2xn.cloudfront.net; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/ https://ilta.legaltechnologyhub.com/ https://cdn.userway.org/; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net https://px.ads.linkedin.com/ https://aws.predictiveresponse.net/ https://ilta.legaltechnologyhub.com/ https://api.userway.org/; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; style-src-elem https://d2x5ku95bkycr3.cloudfront.net/ https://maxcdn.bootstrapcdn.com/ https://cdn.userway.org/ https://d2x5ku95bkycr3.cloudfront.net/ https://maxcdn.bootstrapcdn.com/ https://cdn.userway.org/ sha256-Rab7AJLFualVC4CUBBV53un9yiys/tCLSbaVZsjd1vs= https://d2x5ku95bkycr3.cloudfront.net/ https://maxcdn.bootstrapcdn.com/ https://cdn.userway.org/ sha256-Rab7AJLFualVC4CUBBV53un9yiys/tCLSbaVZsjd1vs= sha256-2gCt3a4f6dxlUfEwTCIts7vls6yRLGu6Dc6LrwMwYhE=; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ioteams.com https://hm.baidu.com https://assets.growingio.com https://res.wx.qq.com; report-uri https://m.sre.videoteams.cn:8043/monitor/csp-report.htm 1
object-src 'none';base-uri 'self';script-src 'nonce-_jlwLJnjnShMDFWwQ4ACQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-XLQxmnxgqKfgI4kJb59dww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-c2tXRDFXc3pfd5b6smokVQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Yzm-qJuEeQmXWv108gP6Ng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.stripe.com *.google.com *.sagepay.com *.klevu.com *.ksearchnet.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.sagepay.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com account.fetchify.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.pinterest.com *.pinterdev.com commerce-app.pintergration.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.trackedlink.net *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.sagepay.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com js.klevu.com *.ksearchnet.com *.nosto.com *.nos.to assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com cc-cdn.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com *.stripe.com *.google.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.opayo.eu.elavon.com *.stripe.com *.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.opayo.eu.elavon.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.stripe.com *.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com *.stripe.com *.google.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.stripe.com *.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com *.stripe.com *.google.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.paypal.com *.opayo.eu.elavon.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.stripe.com *.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-7E8aZuASbSc19KBGh4gr9A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com js.klevu.com maxcdn.bootstrapcdn.com data: *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * tst.kaptcha.com https://plumrocket.com https://www.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com js.klevu.com *.pinterest.com www.johngreed.com *.klarnacdn.com moogento.com *.moogento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.sandbox.paypal.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pinterest.com johng11117.pcapredict.com services.postcodeanywhere.co.uk *.klarnaevt.com *.klarnacdn.com *.newrelic.com *.nr-data.net l2.moogento.com https://apis.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com downloads.mailchimp.com *.klarnacdn.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com js.klevu.com maxcdn.bootstrapcdn.com services.postcodeanywhere.co.uk *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com js.klevu.com maxcdn.bootstrapcdn.com *.nr-data.net services.postcodeanywhere.co.uk *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Saj_dxu0VDEYJ0siqdE24g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=1a58e503-570f-42de-a9a9-227425835fb6-1721956234 1
font-src https://fonts.gstatic.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors localhost:* *.motive.co 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com/ *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.motive.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.google.com/ *.motive.co *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.addtoany.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.motive.co 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://cdn.checkout.com egoi.page egoi.site www.istore.pt www.istore-qa.toogas.com *.newrelic.com bam.nr-data.net bam-cell.nr-data.net cdnjs.cloudflare.com *.swogo.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.vimeocdn.com www.istore.pt www.istore-qa.toogas.com *.newrelic.com bam.nr-data.net bam-cell.nr-data.net googletagmanager.com facebook.com *.jotfor.ms *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://js.checkout.com *.klarna.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com egoi.page https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.facebook.com www.istore.pt www.istore-qa.toogas.com *.newrelic.com *.doubleclick.net *.nr-data.net bam-cell.nr-data.net *.genial.ly *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com egoimmerce.e-goi.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com vimeo.com www.google.com www.google.pt www.facebook.com www.istore.pt www.istore-qa.toogas.com *.newrelic.com *.nr-data.net bam-cell.nr-data.net *.e-goi.com *.swogo.net *.googleapis.com *.gstatic.com *.jotfor.ms *.jotform.com https://qldecommerce.cetelem.pt/ecomapi/assets/logo.png *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.checkout.com *.klarnacdn.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com e-goi.com cdn-te.e-goi.com egoi.site http://www.googletagmanager.com/ https://www.googletagmanager.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.facebook.net www.googletagmanager.com www.google.com www.google.pt googleads.g.doubleclick.net static-tracking.klaviyo.com static-forms.klaviyo.com cdn.usehero.com api.usehero.com cdn.inspectlet.com www.istore-qa.toogas.com *.newrelic.com *.nr-data.net bam-cell.nr-data.net *.egoiapp2.com *.e-goi.com *.klarnaservices.com *.hotjar.com https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.js https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.esm.browser.min.js *.googleapis.com *.cookiefirst.com *.gstatic.com *.swogo.net *.hotjar.io *.googlesyndication.com *.jotfor.ms *.jotform.com *.jquery.com *.cloudflare.com https://qldecommerce.cetelem.pt/ecomapi/partner-checkout-element.js https://qldecommerce.cetelem.pt/ecomapi/partner-checkout-client-es5-gen.js *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.trusted.com https://cdn.checkout.com cdn.dnky.co webchat.dotdigital.com egoiapp2.com unsafe-inline *.doubleclick.net vimeo.com *.vimeocdn.com www.istore.pt www.istore-qa.toogas.com *.newrelic.com *.nr-data.net bam-cell.nr-data.net https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.css *.cookiefirst.com cdnjs.cloudflare.com *.jotfor.ms *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://js.checkout.com *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com vimeo.com hn.inspectlet.com *.vimeocdn.com www.istore.pt www.istore-qa.toogas.com googleads.g.doubleclick.net stats.g.doubleclick.net static-forms.klaviyo.com cdn.usehero.com api.usehero.com telemetrics.klaviyo.com *.newrelic.com *.nr-data.net bam-cell.nr-data.net *.egoiapp.com egoiapp2.com *.analytics.google.com www.facebook.com *.googleapis.com *.cookiefirst.com *.gstatic.com *.swogo.net *.hotjar.io www.google.pt www.google.com google-analytics.com *.googlesyndication.com https://qldecommerce.cetelem.pt/ecommerce/v1.0/content/webcontent https://qld-api.bnpparibas-pf.pt/ecommerce/pricing https://qld-api.bnpparibas-pf.pt/ecommerce/content *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.vimeocdn.com www.istore.pt www.istore-qa.toogas.com *.newrelic.com *.nr-data.net bam-cell.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.istore.pt/csp/report; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-9yrc94ifHlh_EjrWuWUmGQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.trustpilot.com *.google-analytics.com *.google.com *.fontawesome.com *.xeno.app https://cdnjs.cloudflare.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.trustpilot.com *.google-analytics.com *.google.com/ *.fontawesome.com *.vimeo.com *.dailymotion.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com cdn.doofinder.com *.trustpilot.com *.google-analytics.com *.google.com *.fontawesome.com *.picsum.photos *.doublet.pro axeptio.imgix.net https://www.magezon.com *.google.fr *.gstatic.com *.googletagmanager.com *.assets.com https://ask-assets.com https://doublet-magentofr-bruaw.artifakt.dev data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.doofinder.com *.trustpilot.com *.google-analytics.com *.google.com/ *.fontawesome.com *.axept.io *.cloudflareinsights.com *.avada.io *.google.com *.gstatic.com *.googletagmanager.com *.pusher.com *.sarbacane.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com *.trustpilot.com *.google-analytics.com *.google.com *.fontawesome.com *.tawk.to *.xeno.app https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tawk.to *.sarbacane.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.doofinder.com wss://*.doofinder.com *.trustpilot.com *.google-analytics.com *.google.com *.fontawesome.com *.doubleclick.net *.axept.io https://get.geojs.io *.avada.io wss://ws.pusherapp.com *.sarbacane.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri 1; report-to report-endpoint; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.pagaleve.io *.pagaleve.com.br www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.pagaleve.com.br https://cdn.mundipagg.com https://api.pagar.me www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.pagseguro.com.br http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.pagaleve.com.br www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com https://viacep.com.br https://www.viacep.com.br http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://api.mundipagg.com https://api.pagar.me www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-esJD4k71Ep6ocaR1XxJprw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.megustaleer.com www.googletagmanager.com www.google-analytics.com *.gstatic.com penguinrandomhousegrupoeditorial.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.googleapis.com *.gstatic.com data: *.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.googleapis.com *.typekit.net unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com thm.visa.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://www.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.co.uk; frame-ancestors 'none'; font-src 'self' data: 'unsafe-inline'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://player.vimeo.com https://*.vimeocdn.com https://*.facebook.com; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://www.facebook.com https://secure.adnxs.com https://fcdn.thg-corporate.com; child-src 'self'; script-src 'self' 'strict-dynamic' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com; object-src 'none'; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net; worker-src 'none'; media-src 'self' https://*.gstatic.com https://secure.adnxs.com https://fcdn.thg-corporate.com; report-uri https://csp.thehut.net/cspReport.txt; 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.ca https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com cdn.cookielaw.org https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com ma.protected.ca cdn.cookielaw.org js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ma.protected.ca cdn.cookielaw.org geolocation.onetrust.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self';default-src 'self';child-src blob:;connect-src 'self' https://flex-api.sharetribe.com maps.googleapis.com *.tiles.mapbox.com api.mapbox.com events.mapbox.com sentry.io *.stripe.com cms.nomady.camp blog.nomady.ch https://www.google-analytics.com https://www.facebook.com *.sentry.io *.usercentrics.eu;font-src 'self' data: assets-sharetribecom.sharetribe.com static.nomady.camp data:;frame-src 'self' *.stripe.com www.facebook.com https://bid.g.doubleclick.net youtube.com www.youtube.com nomady.us20.list-manage.com;img-src 'self' data: blob: *.imgix.net sharetribe.imgix.net lorempixel.com via.placeholder.com api.mapbox.com maps.googleapis.com *.gstatic.com *.googleapis.com *.ggpht.com www.google.com *.stripe.com blog.nomady.ch static.nomady.camp data: www.facebook.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com maps.gstatic.com *.googleapis.com *.usercentrics.eu;script-src api.mapbox.com js.stripe.com 'self' connect.facebook.net *.facebook.net 'nonce-6bde3400097360cb7df665274b2a5e99' https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com maps.googleapis.com youtube.com www.youtube.com *.usercentrics.eu;style-src 'self' 'unsafe-inline' api.mapbox.com https://tagmanager.google.com;object-src 'none';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 1
worker-src blob:; font-src *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.kxcdn.com *.fontawesome.com https://fonts.gstatic.com 'self' data: applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com magento-cloudflare.jetrails.com https://player.vimeo.com https://www.youtube-nocookie.com api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com www.facebook.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.ytimg.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.iubenda.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com fonts.googleapis.com *.google.com *.kxcdn.com https://cs.iubenda.com/ https://cdnjs.cloudflare.com/ downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com region1.google-analytics.com consent.iubenda.com pagead2.googlesyndication.com hits-i.iubenda.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://hits-i.iubenda.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.cloudflare.com *.typekit.net *.trustedshops.com *.googleapis.com *.klaviyo.com cdn1.stamped.io stamped.io *.fontawesome.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.nosto.com *.nos.to *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.klarna.com *.nosto.com *.nos.to *.freshchat.com *.twitter.com *.pinterest.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klarna.com *.klarnaevt.com *.nosto.com *.nos.to *.rubiconproject.com/ *.sharethrough.com/ *.teads.tv/ *.tremorhub.com/ *.3lift.com/ *.yieldlab.net/ *.ads.yieldmo.com/ *.emxdgt.com/ *.adform.net/ *.demdex.net/ *.criteo.net *.adnxs.com/ *.cloudfront.net/ *.stamped.io *.freshchat.com/ *.cloudflare.com *.ytimg.com *.bing.com/ *.clarity.ms/ *.google.al/ *.google.am/ *.google.at/ *.google.az/ *.google.ba/ *.google.be/ *.google.bg/ *.google.by/ *.google.ch/ *.google.cz/ *.google.de/ *.google.dk/ *.google.ee/ *.google.es/ *.google.fi/ *.google.fr/ *.google.ge/ *.google.gr/ *.google.hr/ *.google.hu/ *.google.ie/ *.google.is/ *.google.it/ *.google.kz/ *.google.li/ *.google.lt/ *.google.lu/ *.google.lv/ *.google.md/ *.google.me/ *.google.mk/ *.google.mt/ *.google.nl/ *.google.no/ *.google.pl/ *.google.pt/ *.google.ro/ *.google.rs/ *.google.ru/ *.google.se/ *.google.si/ *.google.sk/ *.google.sm/ *.google.tr/ *.google.ua/ *.google.uk/ *.google.com.ua/ *.google.com.tr/ *.google.com.gr/ *.google.com.pt/ *.google.com.pl/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.klarna.com/ *.nosto.com *.nos.to *.cloudfront.net/ *.cookiebot.com/ *.kuvio.io/ *.reamaze.com/ *.shopalike.fi/ *.chatbotize.com/ qanuk-stage.vercel.app *.tradedoubler.com *.criteo.com *.cookiefirst.com *.omappapi.com *.googleoptimize.com *.klaviyo.com reviewsonmywebsite.com 'self' data: *.fontawesome.com *.videoly.co/ *.freshchat.com cdnjs.cloudflare.com/ *.googleapis.com/ *.noibu.com/ *.pinimg.com/ *.bing.com/ *.tiktok.com/ *.pinterest.com/ *.intercom.io/ *.intercomcdn.com/ *.clarity.ms/ *.klarnaservices.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com cdn1.stamped.io stamped.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.nosto.com *.nos.to *.cookiefirst.com *.klarnacdn.net *.omappapi.com reviewsonmywebsite.com *.typekit.net *.freshchat.com/ *.cloudflare.com/ *.klaviyo.com/ https://static.klaviyo.com cdn1.stamped.io stamped.io *.fontawesome.com unsafe-inline assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com/ *.algolianet.com *.insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com/ *.klarnaevt.com *.nosto.com *.nos.to *.criteo.com *.hobbybox.fi/ *.g.doubleclick.net/ *.reamaze.com/ *.cookiebot.com/ *.kelkoogroup.net/ *.chatbotize.com *.klarnaservices.com *.doubleclick.net *.qanuk.app *.cookiefirst.com *.omappapi.com *.googlesyndication.com reviewsonmywebsite.com *.cloudflare.com *.pinterest.com *.tiktok.com/ *.clarity.ms/ *.noibu.com/ wss://input.noibu.com/ wss://nexus-websocket-a.intercom.io/ *.intercom.io/ *.bing.com/ *.algolia.io/ *.klarna.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.klaviyo.com *.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.canadapost.ca https://sso.epost.ca *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.twitter.com *.doubleclick.net *.hotjar.com *.facebook.com *.flixcar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ mageside.com *.canadapost.ca *.canadapost-postescanada.ca *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.google.ca *.doubleclick.net *.multiluminaire.ca *.facebook.com *.flix360.com *.flixcar.com *.flix360.io *.flixfacts.io *.flixfacts.com *.flixcar.io *.intuit.com *.mcusercontent.com *.privacy-center.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.doubleclick.net *.googletagmanager.com trackcmp.net *.facebook.net *.hotjar.com *.flixcar.com *.flix360.io *.flixfacts.com *.flixgvid.com *.privacy-center.org *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.flixcar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com *.hotjar.com *.hotjar.io *.doubleclick.net *.klaviyo.com *.privacy-center.org *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-iEQGVfNyNCv6WtNziLqg1h_re96uRM4c'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-XvpjRajZ9R93x8PUPISnOy7dB2qAFA4s'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com/ *.clarity.ms/collect *.paymentexpress.com *.windcave.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com/ *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ magento-cloudflare.jetrails.com https://www.google.com/ https://www.gstatic.com/ *.vimeocdn.com https://southernhospitality.co.nz/ https://rewardhospitality.co.nz/ https://www.silverchef.finance/ https://td.doubleclick.net/ www.facebook.com/ *.paymentexpress.com *.windcave.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com *.ytimg.com https://img.youtube.com https://stats.g.doubleclick.net/ https://s.ytimg.com https://southernhospitality.co.nz/ https://rewardhospitality.co.nz/ https://rewardhospitality.com.au/ https://www.southernhospitality.co.nz/ https://www.rewardhospitality.co.nz/ https://www.rewardhospitality.com.au/ https://bat.bing.com/ https://c.bing.com/ www.facebook.com/ www.google.co.nz/ *.clarity.ms/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com  https://js-agent.newrelic.com/ *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io s7.addthis.com *.avada.io https://www.gstatic.com/ https://static.cloudflareinsights.com/ https://southernhospitality.co.nz/ https://rewardhospitality.co.nz/ assets.adobedtm.com/ *.adobe.com/ play.google.com *.newrelic.com *.cardinalcommerce.com https://connect.facebook.net/ https://bat.bing.com/ *.clarity.ms/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://api.addressfinder.io ekr.zdassets.com/ https://get.geojs.io *.avada.io https://www.google-analytics.com/ https://static.cloudflareinsights.com/ https://southernhospitality.co.nz/ https://www.rewardhospitality.co.nz/ https://www.rewardhospitality.com.au/ https://stats.g.doubleclick.net/ *.clarity.ms/collect www.facebook.com/ https://bat.bing.com/ https://www.google.co.nz/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://play.google.com/ https://www.youtube.com/ https://*.southernhospitality.co.nz/ https://*.rewardhospitality.co.nz/ https://*.rewardhospitality.com.au/ https://southernhospitality.co.nz/ https://rewardhospitality.co.nz/ https://rewardhospitality.com.au/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; style-src media.flixcar.com/ getfirebug.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com releva.ai tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src https://storage.googleapis.com/releva-assets-prod/117/1710837919616_8823577b-8edb-4c25-8049-84f2456dbe68.png www.googleadservices.com www.google-analytics.com www.paypalobjects.com www.apptrian.com www.facebook.com www.yotpo.com www.google.bg www.google.com storage.googleapis.com/ tr.snapchat.com/ cm.g.doubleclick.net/ x.bidswitch.net/ ib.adnxs.com/ rtb-csync.smartadserver.com/ sync-t1.taboola.com/ visitor.omnitagjs.com/ gum.criteo.com/ sync.1rx.io/ cm.adform.net/ id5-sync.com/ ad.360yield.com/ matching.ivitrack.com/ contextual.media.net/ r.casalemedia.com/ exchange.mediavine.com/ jadserve.postrelease.com/ simage2.pubmatic.com/ sync.outbrain.com/ match.sharethrough.com/ eb2.3lift.com/ e1.emxdgt.com/ sync.targeting.unrulymedia.com/ pixel.rubiconproject.com/ criteo-partners.tremorhub.com/ sync-criteo.ads.yieldmo.com/ criteo-sync.teads.tv/ ad.yieldlab.net/ c1.adform.net/ dis.criteo.com/ dpm.demdex.net/ maps.googleapis.com/ public-prod-dspcookiematching.dmxleo.com/ rt.flix360.com/ media.flixcar.com/ logo.flix360.io/ widgets.magentocommerce.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.gstatic.com yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; form-action online.transcard.bg/ secure.kbcbank.bg/ secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; connect-src region1.analytics.google.com/ stats.g.doubleclick.net/ tr.snapchat.com/ tr6.snapchat.com/ measurement-api.criteo.com/ maps.googleapis.com/ region1.google-analytics.com/ media.flixcar.com/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io releva.ai localhost yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com https://www.google-analytics.com 'self' 'unsafe-inline'; frame-src 9253192.fls.doubleclick.net/ www.paypal.com www.sandbox.paypal.com www.apptrian.com www.facebook.com wesupplylabs.com www.plumrocket.com www.google.com www.yotpo.com www.wesupplylabs.com td.doubleclick.net/ tr.snapchat.com/ gum.criteo.com/ fledge.us.criteo.com/ service.loadbee.com/ www.youtube.com/ static.criteo.net/ secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://plumrocket.com https://www.google.com *.weltpixel.com yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; script-src app.avada.io connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.com/jsapi www.gstatic.com/charts/ ajax.cloudflare.com cloudflare.com secure.adnxs.com/ www.google.com/ www.facebook.com/ www.gstatic.com/ www.googleadservices.com www.paypalobjects.com www.vimeo.com www.youtube.com www.facebook.com apis.google.com www.googletagmanager.com www.yotpo.com cdn.polyfill.io browser.sentry-cdn.com tracking.channelsight.com/ sc-static.net/scevent.min.js dynamic.criteo.com/ tr.snapchat.com/ sslwidget.criteo.com/ widget.us.criteo.com/ media.flixfacts.com/ cdn.loadbee.com/ prod.flixgvid.flix360.io/ media.flixcar.com/ button.loadbee.com/ assets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com graph.facebook.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io https://apis.google.com releva.ai https://www.googletagmanager.com tagmanager.google.com yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' data: gap: https://ssl.gstatic.com ; script-src 'self'  blob:; script-src-elem * https://fonts.googleapis.com https://static.addtoany.com/ https://cdn.cookielaw.org https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com/ https://www.google-analytics.com https://googleads.g.doubleclick.net 'nonce-gTagMaNaGeR'; style-src 'self' http://fonts.googleapis.com https://widget.moin.ai https://css.zohocdn.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://jquery.app https://www.jqueryscript.net https://stackpath.bootstrapcdn.com; img-src * 'self' data:; font-src 'self' https://fonts.gstatic.com https://widget.moin.ai https://se-content-b.psplugin.com https://content.psplugin.com https://css.zohocdn.com; connect-src * 'self' https://unilabs.com https://maps.googleapis.com https://api.moin.ai https://cdn.cookielaw.org https://region1.google-analytics.com https://pagead2.googlesyndication.com https://h.clarity.ms/collect https://stats.g.doubleclick.net https://in.hotjar.com; frame-src 'self' https://static.addtoany.com https://player.vimeo.com/ https://www.youtube.com/ https://vars.hotjar.com/ https://www.google.com/; 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com https://widgets.trustedshops.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: client.crisp.chat data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com js.mollie.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu js.mollie.com game.crisp.chat 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.hsforms.net *.hsforms.com https://www.mollie.com 'self' data: *.crisp.chat integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net js.mollie.com https://polyfill-fastly.io https://browser.sentry-cdn.com s7.addthis.com *.googletagmanager.com tagmanager.google.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com smartarget.online client.crisp.chat widgets.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com tagmanager.google.com fonts.google.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com client.crisp.chat integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com client.crisp.chat 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu js.mollie.com https://*.ingest.sentry.io ekr.zdassets.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site t.elasticsuite.io *.hsforms.net *.hsforms.com api.smartarget.online *.crisp.chat 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self'; img-src 'self' 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: *.google.fr *.google.com https://*.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ *.meetanshi.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.fr *.google.com *.avis-verifies.com *.sibforms.com *.sibautomation.com sibautomation.com *.weltpixel.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.meetanshi.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.google.fr *.google.com *.bing.com *.facebook.com https://*.cookielaw.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io *.meetanshi.com https://cdnjs.cloudflare.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.google.fr *.googletagmanager.com *.facebook.net *.bing.com *.newrelic.com *.googlesyndication.com sdk.privacy-center.org https://*.cookielaw.org https://*.addtoany.com https://1map.com https://www.googletagmanager.com tagmanager.google.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.addtoany.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.google.fr *.google.com https://*.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io http://dpm.demdex.net *.meetanshi.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.google.fr stats.g.doubleclick.net *.facebook.net *.googlesyndication.com https://*.cookielaw.org https://www.google-analytics.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://static.ads-twitter.com https://3ieinternational.my.salesforce-sites.com https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js https://script.hotjar.com https://s7.addthis.com https://www.google.com https://t.sharethis.com https://platform-api.sharethis.com https://e.infogram.com https://www.clarity.ms https://s3.amazonaws.com https://px.ads.linkedin.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://d1bxh8uas1mnw7.cloudfront.net https://d3js.org https://kendo.cdn.telerik.com https://static.addtoany.com https://unpkg.com https://ws.sharethis.com https://www.gstatic.com mdbootstrap.com platform.instagram.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://static.hotjar.com https://static.ads-twitter.com https://3ieinternational.my.salesforce-sites.com https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js https://script.hotjar.com https://s7.addthis.com https://www.google.com https://t.sharethis.com https://platform-api.sharethis.com https://e.infogram.com https://www.clarity.ms https://s3.amazonaws.com https://px.ads.linkedin.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://d1bxh8uas1mnw7.cloudfront.net https://d3js.org https://kendo.cdn.telerik.com https://static.addtoany.com https://unpkg.com https://ws.sharethis.com https://www.gstatic.com mdbootstrap.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://ws.sharethis.com https://cdn-images.mailchimp.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://kendo.cdn.telerik.com https://maxcdn.bootstrapcdn.com https://www.google.com mdbootstrap.com use.fontawesome.com; form-action 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-3d1AlxG1RYViNuHNNEM7WQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com *.fontawesome.com; font-src 'self' http://fonts.googleapis.com https://fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com http://themes.googleusercontent.com; frame-src 'self' https://www.youtube.com http://www.youtube.com https://www.google.com https://maps.google.com https://player.vimeo.com https://www.facebook.com; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://code.jquery.com *.fontawesome.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.fontawesome.com https://www.google-analytics.com https://ssl.google-analytics.com http://themes.googleusercontent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.fontawesome.com *.mailchimp.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-fSLQA0zOZ36ovwix8ncuRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.fontawesome.com maxcdn.bootstrapcdn.com applepay.cdn-apple.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.iubenda.com api.payplug.com secure.payplug.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net cdn.doofinder.com *.iubenda.com https://www.magezon.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.iubenda.com api.payplug.com applepay.cdn-apple.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.doofinder.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.iubenda.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-VBtqb8lPpze80mAU2s7-Yg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src  *.hotjar.com *.klevu.com *.typekit.net *.sagepay.com *.globalpay.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.ksearchnet.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.hotjar.com *.facebook.net *.facebook.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.google.com/  *.hotjar.com  *.youtube.com *.addthis.com *.trustpilot.com *.facebook.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com account.fetchify.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.doubleclick.net *.bing.com *.google.com *.google.co.uk *.cutwel.co.uk https://images.unsplash.com *.trackedlink.net *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.globalpay.com *.facebook.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.gstatic.com *.googletagmanager.com  *.hotjar.com *.zdassets.com *.trackedlink.net *.addthis.com *.klevu.com *.trustpilot.com *.moatads.com *.addthisedge.com *.googleadservices.com *.doubleclick.net *.tctm.co *.bing.com *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com connect.facebook.net *.google-analytics.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.myfonts.net *.klevu.com *.typekit.net *.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com cc-cdn.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.hotjar.com *.hotjar.io *.zdassets.com *.zopim.com *.doubleclick.net *.google-analytics.com *.tctm.co *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-GwjQqSKG6wudkM51ExYIxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tXEJ0sfOjj0KGG5S8-ae7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.cloudflare.com *.matcha.wine *.avis-verifies.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.avis-verifies.com *.cookiebot.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.cloudflare.com *.matcha.wine *.avis-verifies.com bat.bing.com lantern.roeye.com imgsct.cookiebot.com www.zenaps.com www.awin1.com trc.taboola.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.newrelic.com *.nr-data.net *.matcha.wine *.avis-verifies.com *.cookiebot.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.matcha.wine *.avis-verifies.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.cloudflare.com *.newrelic.com *.nr-data.net *.matcha.wine *.avis-verifies.com *.cookiebot.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com psb.taboola.com pips.taboola.com cds.taboola.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles mpcart.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com sandbox.affirm.com widget.sezzle.com media.sezzle.com tracker.affirm.com www.googletagmanager.com measurement-api.criteo.com     www.google.com/pay   *.pay.google.com; default-src 'self' s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' mpcart.commercev3.com s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com gum.criteo.com sandbox.affirm.com static.criteo.net player.vimeo.com www.youtube.com fledge.criteo.com pay.google.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com gum.criteo.com eb2.3lift.com tapestry.tapad.com s.ad.smaato.net trends.revcontent.com jadserve.postrelease.com idsync.rlcdn.com ads.stickyadstv.com matching.ivitrack.com tg.socdm.com visitor.omnitagjs.com ad.yieldlab.net ups.analytics.yahoo.com criteo-sync.teads.tv sync-t1.taboola.com rtb-csync.smartadserver.com match.sharethrough.com pixel.rubiconproject.com simage2.pubmatic.com contextual.media.net sync.outbrain.com exchange.mediavine.com ad.360yield.com r.casalemedia.com ih.adscale.de googleads.g.doubleclick.net media.sezzle.com ib.adnxs.com cm.g.doubleclick.net partner.mediawallahscript.com x.bidswitch.net sync-criteo.ads.yieldmo.com ad.tpmn.co.kr ade.clmbtech.com criteo-partners.tremorhub.com cotads.adscale.de dis.criteo.com mvezin.modernperformance.com www.googleadservices.com www.gstatic.com/images/ i.vimeocdn.com/video; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com sslwidget.criteo.com static.criteo.net widget.sezzle.com cdn1-sandbox.affirm.com widget.us.criteo.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com sslwidget.criteo.com static.criteo.net widget.sezzle.com cdn1-sandbox.affirm.com widget.us.criteo.com; style-src 'self' s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net media.sezzle.com; style-src-elem 'self' s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net media.sezzle.com; style-src-attr  'unsafe-inline'; media-src 'self' mpcart.commercev3.com s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com www.bing.com; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://www.shopperapproved.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.paypal.com *.paypalobjects.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.paypal.com *.paypalobjects.com *.google.com *.affirm.com cdn.ywxi.net cdn.attn.tv www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.zonos.com *.google.com cdn.ywxi.net https://www.shopperapproved.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://a.klaviyo.com store.paradoxlabs.com *.gstatic.com *.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.zonos.com *.klaviyo.com npmcdn.com cdn.ywxi.net *.affirm.com cdn.attn.tv https://www.shopperapproved.com https://direct.shopperapproved.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com *.avada.io *.authorize.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.paypal.com *.paypalobjects.com *.zonos.com *.google-analytics.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com *.authorize.net analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com cdn.callrail.com *.doubleclick.net www.google.com *.onetrust.com js.callrail.com *.clarity.ms assets.adobedtm.com *.gstatic.com analytics.google.com *.omtrdc.net *.everesttech.net hello.myfonts.net *.demdex.net www.youtube.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
base-uri 'self';connect-src 'self' google.com *.google.com maps.googleapis.com metrics.hotjar.io analytics.google.com www.googletagmanager.com www.google-analytics.com www.google.com.br *.holofy.io *.outbrain.com *.oribi.io *.pinterest.com *.doubleclick.net *.tiktok.com *.facebook.com;default-src 'self' fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com *.youtube.com *.ffid.io *.pinterest.com *.facebook.com;form-action 'self' *.facebook.com;img-src 'self' cury.net homolog.cury.net app.cury.net www.google.com www.google.com.br data: *.linkedin.com *.pinterest.com *.facebook.com;media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' www.googletagmanager.com;script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.facebook.net *.tiktok.com *.outbrain.com *.pinimg.com *.doubleclick.net static.hotjar.com *.googleapis.com code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net *.ffid.io *.onesignal.com onesignal.com *.cloudfront.net *.gaconnector.com *.ubembed.com *.snap.licdn.com *.fulfilling.io snap.licdn.com *.theskill.store 'nonce-eSLerxiy4gQtxzJNSOES4TAJDjC0PPDt';script-src-attr 'unsafe-inline';style-src 'self';style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com cdn.datatables.net *.theskill.store 'nonce-eSLerxiy4gQtxzJNSOES4TAJDjC0PPDt';style-src-attr 'unsafe-inline';frame-ancestors 'self';upgrade-insecure-requests 1
img-src https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/ITRC/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://higherlogiclongterm.s3.amazonaws.com/ITRC/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ 'self' https://higherlogiclongterm.s3.amazonaws.com/ITRC/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/ITRC/ https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ https://higherlogicstream.s3.amazonaws.com/ITRC/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/ITRC/ https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com fontawesome.com maps.googleapis.com *.intercomcdn.com *.nosto.com *.klaviyo.com *.requirejs.org *.google.com bam.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.amazon.com *.algolia.com *.afterpay.com mcprod.mipiaci.co.nz *.facebook.com *.merchant1948.co.nz *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to https://plumrocket.com *.paymentexpress.com *.windcave.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.nosto.com *.nos.to https://plumrocket.com https://accounts.google.com *.weltpixel.com *.paymentexpress.com *.windcave.com www.xtento.com *.yotpo.com popup.laybuy.com maps.googleapis.com *.intercomcdn.com youtube.com *.klaviyo.com *.requirejs.org *.google.com bam.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.amazon.com *.algolia.com *.afterpay.com mcprod.mipiaci.co.nz *.facebook.com *.merchant1948.co.nz *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to www.xtento.com cdn.xtento.com *.yotpo.com static.afterpay.com static.secure-afterpay.com.au maps.googleapis.com site-assets.afterpay.com *.intercomcdn.com *.klaviyo.com integration-assets.laybuy.com *.requirejs.org *.google.com bam.nr-data.net *.cardinalcommerce.com *.demdex.net *.amazon.com *.algolia.com *.afterpay.com maps.gstatic.com mcprod.mipiaci.co.nz *.facebook.com *.merchant1948.co.nz *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com scontent.cdninstagram.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io *.nosto.com *.nos.to https://accounts.google.com https://www.gstatic.com *.maxmind.com www.xtento.com cdn.xtento.com *.yotpo.com js-agent.newrelic.com maps.googleapis.com *.intercomcdn.com *.klaviyo.com *.requirejs.org *.google.com bam.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.amazon.com *.algolia.com *.afterpay.com mcprod.mipiaci.co.nz *.facebook.com *.merchant1948.co.nz *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com https://player.vimeo.com/api/player.js connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to https://accounts.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com maps.googleapis.com *.intercomcdn.com *.klaviyo.com *.requirejs.org *.google.com bam.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.amazon.com *.algolia.com *.afterpay.com mcprod.mipiaci.co.nz *.facebook.com *.merchant1948.co.nz *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com 'self' 'unsafe-inline'; object-src maps.googleapis.com *.intercomcdn.com *.nosto.com *.klaviyo.com *.yotpo.com *.requirejs.org *.google.com bam.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.amazon.com *.algolia.com *.afterpay.com mcprod.mipiaci.co.nz *.facebook.com *.merchant1948.co.nz vimeo.com *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com 'self' 'unsafe-inline'; media-src maps.googleapis.com *.intercomcdn.com *.nosto.com *.klaviyo.com *.yotpo.com *.requirejs.org *.google.com bam.nr-data.net *.cardinalcommerce.com *.demdex.net *.amazon.com *.algolia.com *.afterpay.com mcprod.mipiaci.co.nz *.facebook.com *.merchant1948.co.nz vimeo.com *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io *.nosto.com *.nos.to https://accounts.google.com *.mmapiws.com *.yotpo.com api-iam.intercom.io maps.googleapis.com wss://nexus-websocket-a.intercom.io *.intercomcdn.com *.klaviyo.com *.requirejs.org *.google.com bam.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.amazon.com *.afterpay.com mcprod.mipiaci.co.nz *.facebook.com *.merchant1948.co.nz *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src maps.googleapis.com *.intercomcdn.com *.nosto.com *.klaviyo.com *.yotpo.com *.requirejs.org *.google.com bam.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.amazon.com *.algolia.com *.afterpay.com mcprod.mipiaci.co.nz *.facebook.com *.merchant1948.co.nz vimeo.com *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.fixando.com/ https://cdn.fixando.com/ https://pics.fixando.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googletagservices.com/ https://www.googleadservices.com/ https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com/ https://adservice.google.com.pk/ https://adservice.google.com.br/ https://adservice.google.com.py/ https://adservice.google.com.do/ https://adservice.google.com/ https://adservice.google.pt/ https://adservice.google.nl/ https://adservice.google.cl/ https://adservice.google.it/ https://adservice.google.pl/ https://adservice.google.no/ https://adservice.google.fr/ https://adservice.google.bg/ https://adservice.google.es/ https://adservice.google.se/ https://adservice.google.be/ https://adservice.google.de/ https://adservice.google.ch/ https://adservice.google.hu/ https://adservice.google.ie/ https://adservice.google.lu/ https://adservice.google.ru/ https://adservice.google.be/ https://adservice.google.co.uk/ https://adservice.google.co.ao/ https://adservice.google.co.in/ https://partner.googleadservices.com/ https://maps.googleapis.com/ https://optimize.google.com/ https://www.googleoptimize.com/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://pubads.g.doubleclick.net/ https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://www.facebook.com/ https://connect.facebook.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.jsdelivr.net/ https://static.zdassets.com/ https://d2wy8f7a9ursnm.cloudfront.net/ https://apis.google.com/ https://tagmanager.google.com/ https://accounts.google.com/ https://www.paypal.com/ https://cdn.socket.io/ https://widget.trustpilot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bucket.cdnwebcloud.com https://bat.bing.com https://www.clarity.ms https://www.google.com https://*.outbrain.com 1
default-src 'self' www.slu.se student.slu.se internt.slu.se artdatabanken.se www.universitetsdjursjukhuset.se;          img-src 'self';                         script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.euro.confirmit.com *.getsitecontrol.com *.episerver.net *.siteimproveanalytics.com *.sitester.com www.universitetsdjursjukhuset.se *.slu.se sp.tinymce.com fonts.gstatic.com translate.google.com translate.googleapis.com;                          style-src 'self' https: 'unsafe-inline';                         font-src 'self' data:;                         object-src 'none';                         form-action 'self';                         base-uri 'self';                         frame-src *.kaltura.nordu.net *.slu.se *.emg-srs.com *.youtube.com;                         frame-ancestors 'self';                         connect-src 'self' *.vizzit.se digitalfeedback.euro.confirmit.com matomo.slu.se;       report-to cspViolations;       report-uri /api/CspViolationReport 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com *.croapp.net https://unpkg.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v.altos.re https://d3lvyvnpx5ojp0.cloudfront.net https://d2j5mmc5xd3gqs.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://cdn.mxpnl.com https://api.mixpanel.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://code.highcharts.com https://code.angularjs.org https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://connect.facebook.net https://www.bugherd.com; style-src 'self' 'unsafe-inline' https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://cdn.staging.altos.re https://cdn.ckeditor.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://ssl.google-analytics.com https://www.google-analytics.com https://us.altosresearch.com https://google.com https://www.gstatic.com https://s-static.ak.facebook.com https://www.facebook.com https://altosimages-staging.s3.amazonaws.com https://altosimages.s3.amazonaws.com https://api.url2png.com https://cdn.ckeditor.com https://q.stripe.com https://maps.googleapis.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net; font-src 'self' https://v.altos.re https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://themes.googleusercontent.com https://www.bugherd.com; connect-src 'self' https://charts.altosresearch.com https://cdn.staging.altos.re https://cdn.altos.re wss://ws.pusherapp.com/app/edf8b9a8b50d1c28bb17 https://api.mixpanel.com https://www.bugherd.com https://checkout.stripe.com; object-src 'self' ; child-src https://www.facebook.com https://s-static.ak.facebook.com https://www.filestackapi.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://dialog.filestackapi.com; block-all-mixed-content; reflected-xss block; report-uri https://altos.report-uri.io/r/default/csp/reportOnly; 1
default-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; report-to https://mercedesforum.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.lever.co https://backend.tendermint.com https://www.google-analytics.com; font-src 'self' data: fonts.gstatic.com https://raw.githubusercontent.com; frame-src 'self'; img-src 'self' data: about: blob: https://www.gstatic.com/images/ https://cdn-images-1.medium.com https://d33wubrfki0l68.cloudfront.net https://www.google-analytics.com; manifest-src 'self'; media-src 'self' data:; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; report-uri https://bce8f9ed809bb395c2d2805d76f7e87a.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: email.score-invest.com ajax.googleapis.com *.bing.com c.clarity.ms cdn.cookielaw.org cdn.early-birds.fr cdn.early-birds.io cdnjs.cloudflare.com ajax.cloudflare.com googleads.g.doubleclick.net h.clarity.ms sibautomation.com static.cloudflareinsights.com pixel.rubiconproject.com widgets.trustedshops.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com fonts.gstatic.com connect.facebook.net *.criteo.net *.criteo.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io wss://*.zendesk.com wss://*.zopim.com *.liadm.com criteo-partners.tremorhub.com sync.outbrain.com sync-t1.taboola.com rtb-csync.smartadserver.com eb2.3lift.com ad.360yield.com simage2.pubmatic.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net cm.adform.net visitor.omnitagjs.com match.sharethrough.com matching.ivitrack.com *.stickyadstv.com exchange.mediavine.com s.ad.smaato.net *.doubleclick.net *.dmxLeo.com e1.emxdgt.com *.yahoo.com *.adnxs.com x.bidswitch.net api.early-birds.fr *.badminton-point.com  *.badminton-point.de *.brevo.com *.onetrust.com 1
default-src 'self' 'sha256-CpVHHz+n6VNKGvEMpUD3u2AGcdTa7HC04T0t2E/luRg=' 'sha256-t/TV4mVvsYyRRmzsnJQxH1M3PIzrTM9N75vZsHK6c4M=' 'sha256-CpVHHz+n6VNKGvEMpUD3u2AGcdTa7HC04T0t2E/luRg=' 'sha256-pYWcJjjKJnzi2yBJOfVkAfTNrsK/E+MNH568k1drRPI=' 'sha256-vUydzT54GHFfwMPUOeoneQwFc+pC3UksVfFvuIWzASE=' 'sha256-SoHnkEPpU2G9fb1LfNfymxNjOkYyBXDXjOJ45prpt7M=' 'sha256-oOseNGdaZnme5+nP+y+P0sg6v8Jct4ZgizgbYq+5Xd0=' https://www.googletagmanager.com https://play.libsyn.com https://www.youtube-nocookie.com https://youtu.be/ https://siteimproveanalytics.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.siteimproveanalytics.com yoshki.com https://watch.wave.video/ https://tourmkr.com/ https://online.fliphtml5.com/ https://docs.google.com doubleclick.net https://siteimproveanalytics.com *.zencdn.net players.brightcove.net fonts.gstatic.com *.googleapis.com s3.amazonaws.com www.google.com *.googletagmanager.com *.gstatic.com *.siteimproveanalytics.io *.doubleclick.net *.google-analytics.com *.siteimproveanalytics.com cwt.vuturevx.com www.youtube.com open.spotify.com vimeo.com directory.libsyn.com html5-player.libsyn.com *.yoshki.com; img-src 'self' data: https://www.google.com/ads/ga-audiences https://www.google-analytics.com/ https://online.fliphtml5.com yoshki.com https://docs.google.com *.boltdns.net *.brightcove.com https://maps.gstatic.com https://maps.googleapis.com/ https://cwt.vuturevx.com/ https://s3.amazonaws.com/ *.siteimproveanalytics.io; media-src 'self' blob: yoshki.com ; font-src 'self' data: https://fonts.gstatic.com https://docs.google.com *.yoshki.com; worker-src 'self' blob: *.yoshki.com; connect-src 'self' https://www.googletagmanager.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.siteimproveanalytics.com https://stats.g.doubleclick.net yoshki.com *.google-analytics.com *.siteimproveanalytics.com *.brightcove.com *.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://docs.google.com; frame-ancestors 'self' *.siteimproveanalytics.com yoshki.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.google-analytics.com www.gstatic.com *.siteimproveanalytics.com *.google.com;style-src-elem * 'self' 'unsafe-inline' https://fonts.googleapis.com/; 1
default-src one2track-1d527.kxcdn.com 'self' data: *.typekit.net *.kxcdn.com cdn.faceworks.nl *.gstatic.com *.fontawesome.com *.fbcdn.net cdn.jsdelivr.net *.bootstrapcdn.com cdnjs.cloudflare.com; style-src 'self' *.open-meteo.com one2track-1d527.kxcdn.com *.typekit.net *.mailchimp.com 'unsafe-inline' *.gstatic.com *.paazl.com *.fontawesome.com cdn.jsdelivr.net *.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com; script-src 'self' unpkg.com *.open-meteo.com *.hcaptcha.com www.dwin1.com www.awin1.com *.sciencebehindecommerce.com lantern.roeyecdn.com one2track-1d527.kxcdn.com 'unsafe-inline' 'unsafe-eval' *.fbcdn.net *.amazonaws.com *.list-manage.com *.google-analytics.com *.jquery.com getk2.org *.rupostel.com *.googleapis.com *.jsdelivr.net *.doubleclick.net google.com *.paazl.com *.twitter.com *.bootstrapcdn.com *.googleadservices.com *.facebook.net cdnjs.cloudflare.com *.googletagmanager.com *.fontawesome.com *.google.com *.gstatic.com; object-src 'self' *.googletagmanager.com *.fontawesome.com; frame-src 'self' *.doubleclick.net *.hcaptcha.com *.fbcdn.net *.awin1.com *.youtube.com vimeo.com cdn.rupostel.com *.google.com platform.twitter.com *.facebook.com; img-src * data: *.google-analytics.com *.analytics.google.com; connect-src 'self' *.open-meteo.com *.wepowerconnections.com *.google.nl *.sciencebehindecommerce.com *.google.com *.doubleclick.net *.googlesyndication.com *.google.be *.paazl.com *.google-analytics.com *.analytics.google.com *.doubleclick.net www.facebook.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: backend.gucciosteria.com use.typekit.net www.google-analytics.com checkout-beverly-hills.gucciosteria.com checkout-florence.gucciosteria.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-vocMI01gPS4XkqmD5eBEZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src *.klarnacdn.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.sparelys.no *.trioweb.net *.trioweb.dev data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.snapchat.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com blob: https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.snapchat.com apis.google.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.sparelys.no *.trioweb.net *.trioweb.dev *.google.no *.google.se *.g.doubleclick.net *.bing.com *.clarity.ms *.snapchat.com *.europa.eu apis.google.com *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnacdn.net *.klarnaservices.com unpkg.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.stripe.com klarna.com *.klarnaevt.com *.sparelys.no *.trioweb.net *.trioweb.dev *.g.doubleclick.net *.bing.com *.clarity.ms sc-static.net apis.google.com invitejs.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.googleapis.com www.googletagmanager.com *.sparelys.no *.trioweb.net *.trioweb.dev 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com www.pdf995.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.sparelys.no *.trioweb.net *.trioweb.dev *.g.doubleclick.net *.bing.com *.clarity.ms *.snapchat.com apis.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com secure-gateway.hipay-tpp.com *.hipay.com *.google.com *.addthis.com *.sharethis.com *.pinterest.com https://www.googletagmanager.com/ *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.sharethis.com *.pinterest.com *.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.addthis.com *.sharethis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.trustpilot.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com *.hipay.com *.googleapis.com *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.googleapis.com *.hipay.com wss://mpsnare.iesnare.com https://*.ingest.sentry.io *.cloudflare.com *.paypal.com *.addthis.com *.sharethis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com/ https://www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.amazonaws.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com payments.amazon.de d.ratepay.com jsctool.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' data: js.klevu.com fonts.gstatic.com *.klevu.com *.ksearchnet.com *.narvar.com *.narvar.qa data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de 'self' www.google.com 'self' *.affirm.com 'self' *.vimeo.com 'self' *.sharethis.mgr.consensu.org 'self' *.sharethis.com drive.google.com *.wufoo.com *.paypal.com *.braintreegateway.com *.dnky.co *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com hello.zonos.com js.klevu.com *.paypal.com cdn.datamanager.arinet.com *.trackedlink.net *.klevu.com *.ksearchnet.com *.narvar.com *.narvar.qa www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com *.adroll.com *.adroll.mgr.consensu.org *.facebook.net *.affirm.com *.gstatic.com www.google.com *.sharethis.com *.wufoo.com *.linkedin.com *.licdn.com js.klevu.com hello.zonos.com cdn.iglobalstores.com assets.shipperhq.com *.paypal.com *.trackedlink.net *.dnky.co js-agent.newrelic.com bam.nr-data.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com 'self' *.sharethis.com *.licdn.com js.klevu.com assets.shipperhq.com fonts.googleapis.com *.dnky.co cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.adroll.com *.doubleclick.net 'self' *.sharethis.com hello.zonos.com rms.shipperhq.com wss://rms.shipperhq.com *.braintree-api.com *.paypal.com *.braintreegateway.com *.dotdigital.com *.ksearchnet.com bam.nr-data.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com ovs.shipperhq.com wss://rms.shipperhq.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-AgOrvvPchZ0e9QFG6usN9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com *.fontawesome.com fonts.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.designer-images.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.stat-track.com polyfill.io *.moosend.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.zendesk.com *.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.fontawesome.com fonts.googleapis.com *.moosend.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io *.stat-track.com *.m-pages.com *.m-operations.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com ipinfo.io *.zendesk.com wss://widget-mediator.zopim.com *.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=arome 1
font-src *.fontawesome.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.iubenda.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.iubenda.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.iubenda.com *.avada.io player.vimeo.com *.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.iubenda.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://cuatro.sim-cdn.nl; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl https://null; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.google.com consentcdn.cookiebot.com consentcdn.cookiebot.eu https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.criteo.com *.criteo.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com *.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.criteo.com *.criteo.net *.packoplock.se *.packoplock.no *.napakka.fi *.husted-emballage.dk *.nordahl.se *.bing.com *.cloudfront.net 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ consent.cookiebot.com consent.cookiebot.eu *.facebook.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://popedapi.packoplock.se *.criteo.com *.criteo.net *.packoplock.se *.packoplock.no *.napakka.fi *.husted-emballage.dk *.nordahl.se *.cloudfront.net *.clarity.ms *.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.packoplock.se *.packoplock.no *.napakka.fi *.husted-emballage.dk *.nordahl.se *.cloudfront.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://popedapi.packoplock.se *.criteo.com *.criteo.net *.packoplock.se *.packoplock.no *.napakka.fi *.husted-emballage.dk *.nordahl.se *.cloudfront.net *.clarity.ms *.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.facebook.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.criteo.com *.criteo.net *.packoplock.se *.packoplock.no *.napakka.fi *.husted-emballage.dk *.nordahl.se *.cloudfront.net *.clarity.ms *.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.facebook.com hyper2pay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://8613cf7b5aa49eb161c6c41823830d87.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net * *.google.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * www.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com * validator.swagger.io *.ftcdn.net *.behance.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar cdn.mundipagg.com api.pagar.me *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ * *.magento-ds.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 3ds2.pagar.me 3ds2-sdx.pagar.me *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com * *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com *.google.com unsafe-inline assets.braintreegateway.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * 'self' 'unsafe-inline'; manifest-src * 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net * qa-api.magedevteam.com *.sentry.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br *.google.com google.com pay.sandbox.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src * *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.livechatinc.com https://td.doubleclick.net data: 'self' 'unsafe-inline'; form-action www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.packeta.com secure.payu.com merch-prod.snd.payu.com *.weltpixel.com *.livechatinc.com https://consentcdn.cookiebot.com/ *.doubleclick.net api.ratingcaptain.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com static.payu.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com *.facebook.com https://www.google.pl *.bing.com *.seznam.cz *.clarity.ms *.pricemania.sk https://imgsct.cookiebot.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com s7.addthis.com *.avada.io *.packeta.com secure.payu.com secure.snd.payu.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.livechatinc.com *.bing.com *.seznam.cz *.clarity.ms https://pixel.biano.cz https://consent.cookiebot.com *.biano.sk *.biano.cz *.biano.ro https://consentcdn.cookiebot.com https://api.ratingcaptain.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com *.pricemania.sk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.packeta.com secure.payu.com merch-prod.snd.payu.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net *.clarity.ms *.bing.com http://www.google-analytics.com *.livechatinc.com *.googlesyndication.com *.biano.cz *.biano.sk *.google.com *.analytics.google.com *.biano.ro https://consentcdn.cookiebot.com googleads.g.doubleclick.net api.ratingcaptain.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-Z63e0Ieu7zRvCcvITh-56fekXSEL3hk6'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.punchout2go.com instore.prisjakt.no 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.punchout2go.com *.trustpilot.com instore.prisjakt.no www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.klarna.com *.klarnacdn.net *.klarnaservices.com *.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.punchout2go.com *.trustpilot.com instore.prisjakt.no www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.klarnacdn.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.punchout2go.com *.trustpilot.com instore.prisjakt.no 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com instore.prisjakt.no 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com cdn.rawgit.com cdn.jsdelivr.net data: maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com cdn.dnky.co *.youtube.com *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com bid.g.doubleclick.net *.googletagmanager.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bird.eu ebizmarts-website.s3.amazonaws.com *.cloudflare.com www.google.com *.google.com.hk *.google.com.sg *.googleadservices.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com www.googletagmanager.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net keewah.com *.keewah.com googleads.g.doubleclick.net p.teads.tv 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com *.plugins.emarsys.net *.scarabresearch.com *.cloudflare.com google.com www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com appleid.cdn-apple.com googleads.g.doubleclick.net assets.emarsys.net *.teads.tv s7.addthis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.scarabresearch.com *.eservice.emarsys.net *.cloudflare.com commerce.adobedc.net api.comapi.com analytics.google.com www.google-analytics.com maps.googleapis.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net www.clarity.ms *.facebook.com *.datatrics.com api.ipify.org api.hashify.net vmp.eftpay.com.cn ekr.zdassets.com/ *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.keewah.com/; report-to report-endpoint; 1
default-src 'self' *.sitepen.com; base-uri 'self'; child-src *; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com region1.google-analytics.com; font-src 'self' fonts.gstatic.com use.typekit.net; form-action 'self'; frame-ancestors 'self'; frame-src *; img-src *; media-src *; object-src 'self'; report-to default; report-uri https://sitepen.report-uri.com/r/d/csp/reportOnly; script-src 'self' 'unsafe-inline' www.google-analytics.com player.vimeo.com; script-src-elem 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; worker-src 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-fx_cTWrb0s5pzqma_B3U_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' loja99oculos.com.br *.loja99oculos.com.br loja99oculos.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net *.mlstatic.com k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.mercadopago.com *.mercadopago.com.br *.paypal.com *.paypal.com.br *.paypalobjects.com secure.mlstatic.com *.loja99oculos.com.br *.opolen.com.br *.targeting.voxus.com.br *.getblue.io *.voxus.com.br recursos.loja99oculos.com.br *.voxus.tv api.voxus.tv *.loggly.com *.ipify.org api.ipify.org logs-01.loggly.com *.clearsale.com.br cdn.targeting.voxus.com.br targeting.voxus.com.br *.polen.com.br api.polen.com.br static.opolen.com.br *.edrone.me *.cloudfront.net s.pinimg.com *.hotjar.com static.hotjar.com dynamic.criteo.com dzpxyxks1bfmb.cloudfront.net *.criteo.net *.criteo.com *.pinterest.com *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com *.pagseguro.com.br *.*.pagseguro.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.loja99oculos.com.br loja99oculos.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://*.epic.com https://*.epichosted.com;frame-src 'self' epichttp: https://www.etz.nl;script-src 'nonce-c5d17fe9eb1a4f75aaa655eddf76a5d0' https://www.mijnetz.nl 'self';img-src 'self' blob: data: https://*.etz.net https://fonts.gstatic.com https://translate.google.com https://www.etz.nl https://www.mijnetz.nl;connect-src 'self' http://translate.googleapis.com;style-src https://www.mijnetz.nl 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;font-src 'self' https://fonts.gstatic.com;form-action 'self';media-src 'self' blob: https://www.etz.nl;report-uri https://mijnetznl.report-uri.com/r/t/csp/reportOnly; 1
font-src https://*.quadpay.com https://fonts.gstatic.com *.lewandmassager.com *.bvibe.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://bid.g.doubleclick.net *.lewandmassager.com *.bvibe.com https://www.googletagmanager.com/ *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.quadpay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com shareasale.com *.bvibe.com *.lewandmassager.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.quadpay.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com *.lewandmassager.com *.bvibe.com *.impactcdn.com *.yotpo.com swellrewards.com *.swellrewards.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://static.klaviyo.com unsafe-inline https://fonts.gstatic.com https://fonts.googleapis.com *.lewandmassager.com *.bvibe.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.quadpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://bvibe.pxf.io/ https://lewand-massager.sjv.io/ *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudfront.net *.reviews.io *.reviews.co.uk *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com test.saferpay.com www.saferpay.com saferpay.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ test.saferpay.com www.saferpay.com saferpay.com *.reviews.io *.reviews.co.uk https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com test.saferpay.com www.saferpay.com saferpay.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.storyblok.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js test.saferpay.com www.saferpay.com saferpay.com *.reviews.io *.reviews.co.uk *.storyblok.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.storyblok.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com test.saferpay.com www.saferpay.com saferpay.com *.cloudfront.net *.reviews.io *.reviews.co.uk http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.ingest.sentry.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com https://geowidget.easypack24.net 'self' data: fonts.bunny.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ pay.google.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.klarna.com https://www.googletagmanager.com/ *.packeta.com secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ consentcdn.cookiebot.com *.facebook.com web.facebook.com trustmate.io pudofinder.dpd.com.pl td.doubleclick.net www.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io platnosci.bm.pl www.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org 'self' data: *.facebook.com/ *.google.pl bat.bing.com cdn.klarna.com *.analytics.google.com *.googleapis.com *.mapbox.com trustmate.io cdn.trustmate.io *.facebook.com www.google.pl *.wp.pl imgsct.cookiebot.com www.glami.sk multimedia.mail.desportivo.de magento2.bm.devmouse.pl multimedia.mail.desportivo.ro www.googletagmanager.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cards-accept.bm.pl cards.bm.pl pay.google.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.packeta.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.google.com *.gstatic.com www.googletagmanager.com d3bo67muzbfgtl.cloudfront.net consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net googleads.g.doubleclick.net bat.bing.com clarity.ms static.payu.com nominatim.openstreetmap.org cdngazeta.pl gazeta.pl google.pl mail.desportivo.pl ga.getresponse.com us-an.gr-cdn.com popups1-show.getresponse.com us-wbe.gr-cdn.com *.recostream.com trustmate.io trustmate.tech ga2.getresponse.com mail.desportivo.pl/de/rocz/sk wbe1.getresponse.com mail.desportivo.de mail.desportivo.ro mail.desportivo.cz mail.desportivo.sk recostream.com js-agent.newrelic.com/ *.wp.pl wp.pl pixel.wp.pl an.gr-wcon.com glamipixel.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.googleapis.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com secure.przelewy24.pl static.payu.com trustmate.io fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.packeta.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.google-analytics.com api.edrone.me stream.cloud.witbee.com j.clarity.ms google.com google.pl *.analytics.google.com consentcdn.cookiebot.com googleads.g.doubleclick.net static.payu.com *.facebook.net *.facebook.com app2.recostream.com  ga2.getresponse.com/ bam.nr-data.net clk.leadexpert.pl www.google.com pixel.wp.pl popups1-show.getresponse.com ts.getresponse.pl popups1-s.getresponse.com metrics.desportivo.pl/g/collect pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.salesfire.co.uk *.typekit.net *.klarnacdn.net fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.myfonts.net *.bootstrapcdn.com *.electromarket.co.uk *.tawk.to *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.reviews.io *.reviews.co.uk *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.salesfire.co.uk https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.klarna.com *.google-analytics.com *.gstatic.com *.google.com *.trustpilot.com *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.salesfire.co.uk https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net *.klarnacdn.net *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.com *.google.co.uk *.paypal.com *.doubleclick.net *.electromarket.co.uk destiny-files.com *.bronto.com *.tawk.to *.jsdelivr.net *.postcodeanywhere.co.uk *.reviews.io *.reviews.co.uk *.klarna.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.salesfire.co.uk *.postcodeanywhere.co.uk https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io player.vimeo.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.google.com *.fontawesome.com *.divido.com *.electromarket.co.uk *.tawk.to *.pcapredict.com *.doubleclick.net *.trustpilot.com *.bronto.com *.jsdelivr.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarnaevt.com *.link.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.salesfire.co.uk *.typekit.net https://*.googleapis.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com *.myfonts.net *.electromarket.co.uk *.bootstrapcdn.com *.jsdelivr.net *.postcodeanywhere.co.uk *.cloudfront.net *.reviews.io *.reviews.co.uk *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.salesfire.co.uk *.smartmetrics.co.uk https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.electromarket.co.uk *.tawk.to wss://*.tawk.to *.google.com *.google-analytics.com *.doubleclick.net *.postcodeanywhere.co.uk *.brontops.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.link.com *.twitter.com *.twimg.com *.facebook.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src https://*.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.com *.vimeo.com vimeo.com *.demdex.net *.facebook.com *.pinterest.com *.pinterest.co.uk *.doubleclick.net *.googletagmanager.com *.criteo.com *.extforms.netsuite.com my.wolf1834.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cookiefirst.com *.gstatic.com *.pixriot.com *.storeimaging.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cookiefirst.com *.googletagmanager.com tagmanager.google.com *.postcodeanywhere.co.uk *.pcapredict.com *.google.com *.google-analytics.com *.analytics.google.com *.gstatic.com *.doubleclick.net *.pinimg.com *.pinterest.com *.clarity.ms *.bing.com *.googleadservices.com *.googlesyndication.com *.criteo.com *.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ downloads.mailchimp.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.cookiefirst.com *.googletagmanager.com tagmanager.google.com *.bootstrapcdn.com *.postcodeanywhere.co.uk fonts.googleapis.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.vimeo.com vimeo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cookiefirst.com google-analytics.com *.pixriot.com *.storeimaging.com *.doubleclick.net *.postcodeanywhere.co.uk *.demdex.net *.pinterest.com *.pinterest.co.uk *.google-analytics.com *.clarity.ms *.google.com google.com *.analytics.google.com *.googlesyndication.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://polyfill-fastly.io; script-src-attr 'self'; style-src 'self' https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self'  'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' images.philips.com encompass.com data: ; font-src 'self';connect-src 'self'; object-src 'none'; frame-ancestors 'self' *.infotip-rts-dev.com; form-action 'self'; media-src 'self';report-uri https://csp-reporting.infotip-rts.com/report-csp-violation 1
font-src *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.googleapis.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; connect-src 'self' *.google.com www.google-analytics.com stats.g.doubleclick.net *.gigabyte.com.tw; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.google.com *.googleapis.com *.youtube.com *.facebook.com connect.facebook.net api.map.baidu.com cdn.jsdelivr.net cdnjs.cloudflare.com kxlogo.knet.cn *.doubleclick.net snap.licdn.com d.line-scdn.net *.hotjar.com *.go-mpulse.net *.gigabyte.com *.gigabyte.com.tw; style-src 'self' 'unsafe-inline' *.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gigabyte.com *.gigabyte.com.tw; img-src 'self' data: https: blob: http://faq.gigabyte.com; font-src 'self' fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.gigabyte.com *.gigabyte.com.tw data:; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com http://www.youtube.com *.facebook.com *.doubleclick.net *.hotjar.com *.gigabyte.com *.gigabyte.com.tw;  1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com js.mollie.com https://contact.robinhq.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.mollie.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.doubleclick.net https://robincontentdesktop.blob.core.windows.net https://selfservice.robinhq.com https://www.google.nl https://www.google.com https://www.facebook.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com js.mollie.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com *.google.com *.gstatic.com https://*.googleadservices.com https://*.doubleclick.net https://robincontentdesktop.blob.core.windows.net https://selfservice.robinhq.com https://*.msecnd.net https://dc.services.visualstudio.com https://*.facebook.net https://chimpstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.hyperstack.nl https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://dc.services.visualstudio.com https://js.maxmind.com https://www.google-analytics.com https://*.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com cdn.checkout.com *.global-e.com *.bglobale.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.twitter.com *.google.com *.trustpilot.com *.checkout.com *.bglobale.com *.global-e.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.google.com *.google.co.uk *.zopim.com *.doubleclick.net d23yuld0pofhhw.cloudfront.net *.googletagmanager.com *.global-e.com *.newrelic.com *.bglobale.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.googletagmanager.com *.googlecommerce.com *.doubleclick.net *.trustpilot.com *.zopim.com *.zdassets.com *.payments-amazon.com *.amazon.com *.local.com maps.googleapis.com *.checkout.com *.paypal.com *.bglobale.com *.global-e.com https://unpkg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.checkout.com *.bglobale.com *.global-e.com https://static.klaviyo.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.amazon.com 'self' wss: *.checkout.com *.google-analytics.com *.doubleclick.net *.paypalobjects.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about 1
default-src 'none'; script-src 'self' https://*.typekit.net/ https://*.clarity.ms/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.gstatic.com/ https://seal.thawte.com/ https://secure.bluepay.com https://seal.digicert.com/ https://www.safewayxchange.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.clarity.ms/ https://stats.g.doubleclick.net; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://dev.virtualearth.net/ data: https://seal.digicert.com https://www.google.com; style-src 'self' 'unsafe-inline' https://*.typekit.net/ https://fonts.googleapis.com/ https://*.gstatic.com; font-src 'self' https://*.typekit.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com/; frame-src 'self' https://secure.bluepay.com https://www.safewayxchange.com/; object-src 'self'; media-src 'self' https://www.google-analytics.com/; manifest-src 'self'; frame-ancestors 'self'; report-uri https://08bfb48ddcee7d64057e88503ec1149f.report-uri.com/r/t/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-7pRnKlaPNfqy5XgVwxGrhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-9o5P6BgEDQvH72G9Fes6XQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com https://www.google.com/recaptcha/ *.weltpixel.com https://*.doubleclick.net https://ehub.cz https://*.gls-czech.cz https://*.packeta.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.koongo.com *.gstatic.com https://*.seznam.cz https://im9.cz https://*.google.cz https://*.facebook.com https://*.g.doubleclick.net https://*.mailkit.eu https://ehub.cz https://*.heureka.cz/ https://*.zbozi.cz flagpedia.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.fontawesome.com *.googleapis.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://*.googletagmanager.com https://*.smartlook.com https://*.smartlook.cloud https://*.heureka.cz https://*.mailkit.eu https://*.seznam.cz https://*.dognet.sk https://ehub.cz https://*.facebook.net https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.packeta.com/ https://*.zbozi.cz/ https://im9.cz/ maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css tagmanager.google.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.koongo.com https://www.google-analytics.com https://*.smartlook.com https://*.smartlook.cloud https://*.mailkit.eu https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.g.doubleclick.net https://ehub.cz https://widget.packeta.com www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.afterpay.com *.clearpay.co.uk *.trackedlink.net flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net app.zinrelo.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com player.vimeo.com *.gstatic.com maps.googleapis.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.afterpay.com/ *.squarecdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' localhost:* *.local:* 'unsafe-eval' 'unsafe-inline' distrelec-public.s3.eu-central-1.amazonaws.com *.bing.com *.cloudflare.com *.demdex.net *.emjcd.com smetrics.distrelec.ch *.distrelec.com *.dynamicyield.com *.ensighten.com *.pushengage.com *.optimizely.com connect.facebook.net *.facebook.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com static.hotjar.com *.pushengage.com *.rapidspike.com *.reevoo.com *.emjcd.com *.mczbf.com *.thesmilingpencils.com *.eraser.thesmilingpencils.com *.gstatic.com *.snapeda.com *.reevoo.com *.perfdrive.com *.doubleclick.net *.exponea.com *.thisgreencolumn.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.distrelec.com *.doubleclick.net:* *.googletagmanager.com *.googleoptimize.com www.google-analytics.com *.gstatic.com *.ensighten.com *.pushengage.com *.rapidspike.com *.optimizely.com www.google.com *.clarity.ms snap.licdn.com:* *.bing.com *.thesmilingpencils.com *.mczbf.com *.snapeda.com *.pushengage.com:* *.reevoo.com connect.facebook.net *.facebook.com *.optimizely.com *.perfdrive.com *.exponea.com cdn.mxpnl.com *.stackadapt.com *.thisgreencolumn.com;object-src 'self' localhost:* *.local:* www.distrelec.de https://api.distrelec.com;connect-src 'self' localhost:* *.local:* api.feefo.com *.ensighten.com *.pushengage.com *.stackadapt.com *.optimizely.com *.reevoo.com *.clarity.ms *.google-analytics.com:* *.doubleclick.net:* *.distrelec.com *.bing.com *.thesmilingpencils.com *.mczbf.com *.optimizely.com *.perfdrive.com *.pushengage.com *.rapidspike.com *.exponea.com *.lucidworks.cloud *.snapeda.com snapeda.s3.amazonaws.com *.thisgreencolumn.com https://api.distrelec.com;img-src 'self' 'self' data: localhost:* *.local:* *.ensighten.com:* *.pushengage.com:* *.stackadapt.com:* *.optimizely.com:* *.google-analytics.com:* *.distrelec.com:* *.doubleclick.net:* *.google.co.uk *.google.ch *.googletagmanager.com *.google.co.in *.linkedin.com:* *.snapeda.com snapeda.s3.amazonaws.com *.thesmilingpencils.com *.reevoo.com connect.facebook.net *.facebook.com *.perfdrive.com *.thisgreencolumn.com https://media.distrelec.com;style-src * 'unsafe-eval' 'unsafe-inline';font-src 'self' *.reevoo.com *.gstatic.com;frame-src 'self' *.google.com *.youtube.com *.doubleclick.net spg.evopayments.eu *.facebook.com *.optimizely.com *.thisgreencolumn.com;report-uri https://api.distrelec.com/rest/v2/report/csp-report;upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-Wf6Npxkb8WH7iYxHLb7Srw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ingest.sentry.io *.acsbapp.com *.tiqcdn.com;    style-src 'self' 'unsafe-inline';    img-src 'self' blob: data: images.ctfassets.net otbnet.d3.sc.omtrdc.net;    media-src 'self' blob: data: dacastmmod-mmd-cust.lldns.net;    font-src 'self';    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    upgrade-insecure-requests;    connect-src 'self' *.ingest.sentry.io *.acsbapp.com *.tiqcdn.com dacastmmod-mmd-cust.lldns.net otbnet.d3.sc.omtrdc.net; 1
font-src fonts.gstatic.com use.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.fontawesome.com maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com adobe.com adobedtm.com avada.io cardinalcommerce.com facebook.net klarnacdn.net klarnaevt.com link.com list-manage.com magento-datasolutions.com magento-ds.com search-admin-ui-qa.magento-datasolutions.com search-admin-ui.magento-ds.com sentry-cdn.com sentry.io stripe.com telemetry-dev.adobe.io trustpilot.com vimeocdn.com youtube.com amcglobal.sc.omtrdc.net analytics.google.com cdn.jsdelivr.net/npm/@adobe/ commerce.adobe.net commerce.adobedtm.com downloads.mailchimp.com geoapi.cardinalcommerce.com geostag.cardinalcommerce.com googleads.g.doubleclick.net includestest.ccdc02.com m2epro.freshdesk.com magento-recs-sdk.adobe.net platform.twitter.com s.ytimg.com t.paypal.com tagmanager.google.com twitter.com unpkg.com unpkg.com/@adobe/ vimeo.com widget.freshworks.com bat.bing.com *.clarity.ms www.dwin1.com wisepops.net *.wisepops lantern.roeyecdn.com js-agent.newrelic.com bam.nr-data.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com adobe.com adobedtm.com avada.io cardinalcommerce.com facebook.net klarna.com klarnacdn.net klarnaevt.com link.com list-manage.com magento-datasolutions.com magento-ds.com search-admin-ui-qa.magento-datasolutions.com search-admin-ui.magento-ds.com sentry-cdn.com sentry.io stripe.com telemetry-dev.adobe.io trustpilot.com vimeocdn.com youtube.com amcglobal.sc.omtrdc.net analytics.google.com cdn.jsdelivr.net/npm/@adobe/ commerce.adobe.net commerce.adobedtm.com downloads.mailchimp.com geoapi.cardinalcommerce.com googleads.g.doubleclick.net includestest.ccdc02.com m2epro.freshdesk.com magento-recs-sdk.adobe.net platform.twitter.com s.ytimg.com t.paypal.com tagmanager.google.com twitter.com unpkg.com use.typekit.net vimeo.com widget.freshworks.com bat.bing.com *.clarity.ms www.dwin1.com wisepops.net *.wisepops lantern.roeyecdn.com js-agent.newrelic.com bam.nr-data.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.google.com account.fetchify.com www.facebook.com platform.twitter.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com adobe.com adobedtm.com avada.io cardinalcommerce.com facebook.net klarnacdn.net klarnaevt.com link.com list-manage.com magento-datasolutions.com magento-ds.com search-admin-ui-qa.magento-datasolutions.com search-admin-ui.magento-ds.com sentry-cdn.com sentry.io stripe.com telemetry-dev.adobe.io trustpilot.com vimeocdn.com youtube.com amcglobal.sc.omtrdc.net analytics.google.com cdn.jsdelivr.net/npm/@adobe/ commerce.adobe.net commerce.adobedtm.com downloads.mailchimp.com geoapi.cardinalcommerce.com googleads.g.doubleclick.net includestest.ccdc02.com m2epro.freshdesk.com magento-recs-sdk.adobe.net s.ytimg.com t.paypal.com tagmanager.google.com twitter.com unpkg.com use.typekit.net vimeo.com widget.freshworks.com bat.bing.com *.clarity.ms www.dwin1.com wisepops.net *.wisepops lantern.roeyecdn.com js-agent.newrelic.com bam.nr-data.net *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com adobe.com adobedtm.com avada.io cardinalcommerce.com facebook.net klarna.com klarnacdn.net klarnaevt.com link.com list-manage.com magento-datasolutions.com magento-ds.com sentry-cdn.com sentry.io stripe.com telemetry-dev.adobe.io trustpilot.com vimeocdn.com youtube.com cdn.jsdelivr.net/npm/@adobe/ commerce.adobe.net commerce.adobedtm.com geoapi.cardinalcommerce.com geostag.cardinalcommerce.com includestest.ccdc02.com m2epro.freshdesk.com magento-recs-sdk.adobe.net platform.twitter.com s.ytimg.com tagmanager.google.com twitter.com unpkg.com use.typekit.net vimeo.com widget.freshworks.com bat.bing.com *.clarity.ms www.dwin1.com wisepops.net *.wisepops lantern.roeyecdn.com js-agent.newrelic.com bam.nr-data.net *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io connect.facebook.net twitter.com platform.twitter.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com adobe.com adobedtm.com avada.io cardinalcommerce.com facebook.net klarnacdn.net klarnaevt.com link.com list-manage.com magento-datasolutions.com magento-ds.com sentry-cdn.com sentry.io stripe.com telemetry-dev.adobe.io trustpilot.com vimeocdn.com youtube.com tagmanager.google.com unpkg.com bat.bing.com *.clarity.ms www.dwin1.com wisepops.net *.wisepops lantern.roeyecdn.com js-agent.newrelic.com bam.nr-data.net *.trustpilot.com https://www.googletagmanager.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.magento-datasolutions.com *.magento-ds.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com adobe.com adobedtm.com avada.io cardinalcommerce.com facebook.net klarna.com klarnacdn.net klarnaevt.com link.com list-manage.com magento-datasolutions.com magento-ds.com sentry-cdn.com sentry.io stripe.com telemetry-dev.adobe.io trustpilot.com vimeocdn.com youtube.com analytics.google.com cdn.jsdelivr.net/npm/@adobe/ commerce.adobe.net commerce.adobedtm.com geoapi.cardinalcommerce.com geostag.cardinalcommerce.com googleads.g.doubleclick.net includestest.ccdc02.com magento-recs-sdk.adobe.net platform.twitter.com s.ytimg.com t.paypal.com tagmanager.google.com twitter.com unpkg.com use.typekit.net vimeo.com bat.bing.com *.clarity.ms www.dwin1.com wisepops.net *.wisepops lantern.roeyecdn.com js-agent.newrelic.com bam.nr-data.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com adobe.com adobedtm.com avada.io cardinalcommerce.com facebook.net klarnacdn.net klarnaevt.com link.com list-manage.com magento-datasolutions.com magento-ds.com sentry-cdn.com sentry.io stripe.com trustpilot.com vimeocdn.com youtube.com cdn.jsdelivr.net/npm/@adobe/ commerce.adobe.net commerce.adobedtm.com downloads.mailchimp.com geoapi.cardinalcommerce.com googleads.g.doubleclick.net includestest.ccdc02.com magento-recs-sdk.adobe.net platform.twitter.com s.ytimg.com t.paypal.com tagmanager.google.com twitter.com unpkg.com use.typekit.net bat.bing.com *.clarity.ms www.dwin1.com wisepops.net *.wisepops lantern.roeyecdn.com js-agent.newrelic.com bam.nr-data.net *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com adobe.com adobedtm.com avada.io cardinalcommerce.com facebook.net klarna.com klarnacdn.net klarnaevt.com link.com list-manage.com magento-datasolutions.com magento-ds.com sentry-cdn.com sentry.io stripe.com trustpilot.com vimeocdn.com youtube.com analytics.google.com cdn.jsdelivr.net/npm/@adobe/ commerce.adobe.net commerce.adobedtm.com downloads.mailchimp.com geoapi.cardinalcommerce.com geostag.cardinalcommerce.com googleads.g.doubleclick.net includestest.ccdc02.com m2epro.freshdesk.com magento-recs-sdk.adobe.net platform.twitter.com s.ytimg.com t.paypal.com tagmanager.google.com twitter.com unpkg.com unpkg.com/@adobe/ use.typekit.net vimeo.com widget.freshworks.com bat.bing.com *.clarity.ms www.dwin1.com wisepops.net *.wisepops lantern.roeyecdn.com js-agent.newrelic.com bam.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com conectiva.io app.cartstack.com.br www.googletagmanager.com *.doubleclick.net www.google.com cdnjs.cloudflare.com images.tcdn.com.br www.google.com.br ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.intercomcdn.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.mobilpay.ro 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com *.facebook.com *.twitter.com *.creativecdn.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com dacia-ro.os.tc *.google.com *.doubleclick.net *.cookiebot.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthisedge.com *.twitter.com *.smartsuppcdn.com *.linkedin.com *.docomo.ne.jp *.e-planning.net *.media.net *.smaato.net *.rakuten.com *.gumgum.com *.opera.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.google.com *.google.ro *.googletagmanager.com *.ibb.co contactrenaultgroup.secure.force.com *.salesforceliveagent.com *.intercomcdn.com *.gstatic.com *.facebook.com trusted.ro *.analytics.yahoo.com *.pinterest.com *.kafune.ro data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.smartlook.com *.licdn.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com s7.addthis.com *.avada.io *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.hsforms.net *.hsforms.com *.google.com *.googleoptimize.com *.googletagmanager.com onesignal.com *.onesignal.com *.intercom.io *.intercomcdn.com *.salesforceliveagent.com *.googleapis.com *.yimg.com *.retargeting.biz *.retargeting.app *.cookiebot.com *.mczbf.com *.pinimg.com *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com *.creativecdn.com *.pinterest.com *.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.smartsuppcdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline *.googleapis.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.intercomcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.ro *.smartlook.cloud *.cookiebot.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.doubleclick.net *.intercom.io wss://nexus-websocket-a.intercom.io wss://ah-pusher.gd.ro *.webrci.ro *.yimg.com cdn.cookielaw.org *.retargeting.app *.smartsuppchat.com *.pinterest.com *.googleapis.com *.smartsuppcdn.com *.smartsupp.com wss://websocket-visitors.smartsupp.com *.creativecdn.com *.sjwoe.com *.mczbf.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'none'; connect-src https: wss:; font-src https:; form-action 'self'; frame-ancestors 'self'; frame-src https:; img-src https: data:; object-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; upgrade-insecure-requests; report-uri https://kosik.bauhaus.sk/csp_report; 1
font-src *.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com/ https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com fonts.gstatic.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl addtoany.com bam.eu01.nr-data.net https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.youtube.com https://www.instagram.com pay.google.com https://geowidget-app.inpost.pl/ *.addtoany.com bam.eu01.nr-data.net https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://www.facebook.com https://www.google.de https://www.google.en https://www.google.pl https://www.google.com.ua https://www.google.com static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.addtoany.com bam.eu01.nr-data.net https://meetanshi.com/media/logo.png data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleservices.com https://v2.zopim.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com https://connect.facebook.net https://region1.google-analytics.com https://analytics.google.com https://www.instagram.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com https://ipinfo.io *.avada.io *.fontawesome.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.addtoany.com bam.eu01.nr-data.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://consent.cookiefirst.com https://www.google.com https://www.gstatic.com https://fast.fonts.net https://secure.przelewy24.pl https://edge.cookiefirst.com https://api.cookiefirst.com fonts.googleapis.com *.googleapis.com *.addtoany.com https://geowidget.easypack24.net https://geowidget.inpost.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://widget-mediator.zopim.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com https://www.facebook.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.addtoany.com bam.eu01.nr-data.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-eQbYNRuivkL-Cc_aZFAx1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com www.facebook.com web.facebook.com www.google-analytics.com stats.g.doubleclick.net fonts.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.com.ua *.google.co.uk web.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net web.facebook.com www.google.com.vn www.google.com stats.g.doubleclick.net minio.infra.omicrm.com via.placeholder.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net www.googletagmanager.com www.google.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.googletagmanager.com fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.google.com web.facebook.com www.google-analytics.com stats.g.doubleclick.net minio.infra.omicrm.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.onei3.com *.google-analytics.com *.amplitude.com www.googletagmanager.com maps.googleapis.com *.arcgisonline.com; script-src 'self' 'unsafe-inline' *.onei3.com 'unsafe-eval' cdnjs.cloudflare.com/ajax/libs/ maps.googleapis.com *.amplitude.com *.google-analytics.com www.googletagmanager.com tagmanager.google.com; img-src 'self' *.onei3.com data: cdn.amcharts.com/lib/3/images/dragIconRectSmall.svg *.gstatic.com *.googleapis.com *.ggpht.com res.cloudinary.com *.arcgisonline.com *.google-analytics.com www.googletagmanager.com www.ztr.com/sites/default/files/ztr_logo_black.png; style-src 'self' 'unsafe-inline' *.onei3.com cdnjs.cloudflare.com/ajax/libs/ fonts.googleapis.com tagmanager.google.com pro.fontawesome.com/releases/ res.cloudinary.com maxcdn.bootstrapcdn.com/bootstrap/; font-src 'self' data: *.onei3.com cdnjs.cloudflare.com/ajax/libs/ fonts.gstatic.com netdna.bootstrapcdn.com/bootstrap/ pro.fontawesome.com/releases/ maxcdn.bootstrapcdn.com/bootstrap/; connect-src 'self' *.onei3.com cdnjs.cloudflare.com/ajax/libs/ *.arcgis.com *.amplitude.com *.arcgisonline.com maps.googleapis.com s3.amazonaws.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net; frame-src 'self' *.onei3.com fs.takeuchi-us.com; report-uri /api/csp 1
font-src *.typekit.net data: *.hotjar.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors platform.twitter.com *.digitalriver.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.digitalriverws.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com platform.twitter.com vod-progressive.akamaized.net social-plugins.line.me *.digitalriver.com *.hotjar.com www.facebook.com *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://ui1.img.digitalrivercontent.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com syndication.twitter.com www.google.com www.google.co.jp www.facebook.com *.hotjar.com *.googletagmanager.com as.246select.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.digitalriverws.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com platform.twitter.com *.typekit.net www.youtube.com www.line-website.com d.line-scdn.net players.brightcove.net *.digitalriver.com js-agent.newrelic.com bam.nr-data.net *.facebook.net *.facebook.com *.hotjar.com *.googletagmanager.com as.246select.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://js.digitalriverws.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.typekit.net *.digitalriver.com *.hotjar.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com platform.twitter.com vimeo.com bam.nr-data.net www.facebook.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.googletagmanager.com as.246select.com *.vimeocdn.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.facebook.com *.google.co.il *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.flashyapp.com api.flashy.app *.flashy.dev *.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.googleapis.com *.facebook.com *.gstatic.com *.google.co.il *.criteo.com *.humanz.com *.zdassets.com *.criteo.net *.weltpixel.com *.flashyapp.com api.flashy.app *.flashy.dev c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com https://accounts.google.com *.pelecard.biz *.wesupply.xyz https://wesupplylabs.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleadservices.com *.google-analytics.com *.google.com *.google.com.vn *.google.co.il https://www.google *.magentocommerce.com *.paypal.com *.paypalobjects.com *.ytimg.com *.adscale.com *.facebook.com *.outbrain.com www.xtento.com *.doubleclick.net *.googleapis.com *.web-view.net *.google.com.sg *.adnxs.com *.tremorhub.com *.zdassets.com *.criteo.com *.humanz.com *.zendesk.com https://eb2.3lift.com *.tapad.com https://s.ad.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.net https://ad.tpmn.io *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.tpmn.co.kr *.clmbtech.com *.mediawallahscript.com *.imrworldwide.com *.agkn.com *.crwdcntrl.net *.exelator.com *.contextweb.com *.bluekai.com *.pubmatic.com *.liadm.com *.emxdgt.com *.bing.com *.yieldmo.com *.casalemedia.com *.stickyadstv.com *.mediavine.com *.postrelease.com *.revcontent.com *.bidswitch.net https://ws.rqtrk.eu https://match.adsrvr.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.nagich.co.il https://meshulam.co.il *.facebook.com *.gstatic.com *.google.co.il *.flashyapp.com *.facebook.net *.google-analytics.com *.newrelic.com *.doubleclick.net *.weezmo.com *.glassix.com https://system.user-a.co.il *.google.com *.googletagmanager.com *.analytics.com *.xtento.com *.paypal.com *.paypalobjects.com *.web-view.net *.jquery.com *.entrust.net *.zdassets.com *.criteo.com *.humanz.com *.zendesk.com api.flashy.app *.flashy.dev *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://accounts.google.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.facebook.com *.gstatic.com *.google.co.il *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline https://accounts.google.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.nagich.co.il *.facebook.com *.gstatic.com *.google.co.il *.zdassets.com *.criteo.com *.humanz.com *.zendesk.com *.amazonaws.com *.doubleclick.net *.flashyapp.com api.flashy.app *.flashy.dev https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://accounts.google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.anyday.io *.googleapis.com *.gstatic.com *.fontawesome.com *.zopim.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.facebook.com *.cookieinformation.com *.trustpilot.com *.doubleclick.net pricetag.viabill.com event-client.viabill.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.facebook.com maps.googleapis.com *.googleapis.com maps.gstatic.com *.google.dk blob: *.sleeknote.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.anyday.io *.zopim.com *.google.com *.google.ru *.doubleclick.net *.pricerunner.dk *.ytimg.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.facebook.net *.facebook.com *.cloudfront.net *.helloretail.com *.cookieinformation.com *.trustpilot.com *.getdrip.com *.googleapis.com *.sleeknote.com pricetag.viabill.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.gstatic.com *.anyday.io *.clickcease.com *.addwish.com *.zopim.com *.zdassets.com *.ipaper.io *.hotjar.com chimpstatic.com *.chimpstatic.com *.reaktion.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.cloudfront.net data: *.googleapis.com *.fontawesome.com *.ipaper.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://core.helloretail.com https://helloretailcdn.com *.googleapis.com *.hotjar.com *.google.com *.google-analytics.com *.zendesk.com *.doubleclick.net *.cookieinformation.com *.sleeknote.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.helloretail.com *.addwish.com *.zopim.com wss://*.zopim.com *.zdassets.com *.ipaper.io *.reaktion.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.pulsure.dk/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-GYcwOOZJTU3vsPJEmtxskw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-src https://td.doubleclick.net/ fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.weltpixel.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; frame-ancestors unsafe-inline td.doubleclick.net 'self'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ https://region1.analytics.google.com/g/collect?v=2&tid=G-N17VEB31WR&gtm=45je45m0v889353365z8899230859za200zb899230859 https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://stats.g.doubleclick.net/g/ https://www.googletagmanager.com/gtag https://www.googletagmanager.com/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com www.gstatic.com maps.googleapis.com https://www.google-analytics.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com flagpedia.net *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com https://static-tracking.klaviyo.com/ *.adobe.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com *.alothemes.com *.magepow.com *.gstatic.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com static.klaviyo.com *.fontawesome.com *.alothemes.com *.magepow.com https://fonts.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com data: 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com assets.adobedtm.com *.adobe.com www.googleadservices.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com https://cdn.polyfill.io https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.alothemes.com *.magepow.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com analytics.google.com *.facebook.net unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src *.googleapis.com *.gstatic.com data: https://x.klarnacdn.net/ https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://www.facebook.com/ https://payments.securetrading.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com *.youtube-nocookie.com www.google.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://player.vimeo.com *.trustpilot.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://secure.livechatinc.com https://www.pinterest.co.uk https://payments.securetrading.net www.xtento.com account.fetchify.com *.klarna.com *.google.com/ webservices.securetrading.net *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.facebook.com https://cdn.livechatinc.com https://cladcodecking.co.uk https://c.clarity.ms https://www.cladcodecking.co.uk https://*.bing.com https://www.googletagmanager.com www.xtento.com cdn.xtento.com https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://www.googletagmanager.com https://chimpstatic.com *.trustpilot.com https://widget.trustpilot.com https://invitejs.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://www.google.com https://www.gstatic.com http://bat.bing.com https://cdn.livechatinc.com https://secure.livechatinc.com *.google.com/ https://bam.eu01.nr-data.net/ https://bam-cell.nr-data.net https://www.google-analytics.com https://*.clarity.ms https://www.clarity.ms https://eu-library.klarnaservices.com https://apps.elfsight.com/ https://js-agent.newrelic.com/ https://ws.zoominfo.com/ https://static.elfsight.com/ player.vimeo.com www.xtento.com cdn.xtento.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com webservices.securetrading.net songbirdstag.cardinalcommerce.com maps.googleapis.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://x.klarnacdn.net *.trustpilot.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://use.fontawesome.com https://vc.hotjar.io https://in.hotjar.com https://api.craftyclicks.co.uk https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://*.clarity.ms https://www.google.co.uk https://rcgmal4n.klarnaservices.com/ https://bam.eu01.nr-data.net/ https://region1.analytics.google.com/ widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ o402164.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://portal.envisagedigital.co.uk/api/website/brtj8tbu2q/report-uri; report-to report-endpoint; 1
font-src *.fontawesome.com instantcredit.net test.instantcredit.net https://oct8necdneu.azureedge.net *.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.paycomet.com api.paycomet.com 'self' 'unsafe-inline'; frame-ancestors localhost:* *.motive.co 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com https://backoffice-eu.oct8ne.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.doofinder.com *.motive.co instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://www.google.com https://www.google.es https://rt.flix360.com https://oct8necdneu.azureedge.net http://media.flixcar.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com *.avada.io *.motive.co www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://cdn.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net http://media.flixfacts.com https://prod.flixgvid.flix360.io http://media.flixcar.com https://cdn.loadbee.com http://widgets.trustedshops.com https://cdn.connectif.cloud https://static-eu.oct8ne.com https://cdn.aplazame.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com *.fontawesome.com instantcredit.net test.instantcredit.net https://integrations.etrusted.com http://media.flixcar.com *.trustpilot.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com https://get.geojs.io *.avada.io *.motive.co instantcredit.net *.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be https://js-agent.newrelic.com https://bam.nr-data.net https://api.aplazame.com https://frontal-eu.oct8ne.com https://backoffice-eu.oct8ne.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: ; report-uri https://csp.rcahms.gov.uk/bfa-live; 1
font-src *.stripe.com *.google.com *.opayo.eu.elavon.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.stripe.com *.google.com *.opayo.eu.elavon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com staging.quba.com www.google.co.in www.facebook.com *.clarity.ms c.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.stripe.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com static.hotjar.com www.clarity.ms cdnjs.cloudflare.com script.hotjar.com connect.facebook.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stripe.com *.google.com downloads.mailchimp.com *.opayo.eu.elavon.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.sandbox.paypal.com https://www.paypal.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com stats.g.doubleclick.net u.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src http: https: *.phoebephilo.com https://abd3-38d62d1bc3ff-prod.phoebephilo.com/ 'nonce-owVmL3o6MdsBE00G1ziLqJFMwPcZy3mEpe1EqPsn3JDFR'; style-src 'self' *.phoebephilo.com blob: https: 'unsafe-inline' https://abd3-38d62d1bc3ff-prod.phoebephilo.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com data:; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.adyen.com *.paypal.com *.inside-graph.com *.phoebephilo.com 1
img-src https://higherlogicdownload.s3.amazonaws.com/AWB/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AWB/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ https://higherlogicdownload.s3.amazonaws.com/AWB/ https://higherlogiclongterm.s3.amazonaws.com/AWB/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/AWB/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AWB/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/AWB/ https://higherlogicdownload.s3.amazonaws.com/AWB/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ https://higherlogicstream.s3.amazonaws.com/AWB/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AWB/ https://higherlogicdownload.s3.amazonaws.com/AWB/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
default-src * https: data: blob: 'unsafe-inline' 'unsafe-hashes'; 1
upgrade-insecure-requests; default-src 'self' https://*.motorcar.com https://*.ebizautos.media; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; report-uri https://ebizautos.report-uri.com/r/t/csp/reportOnly; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.sharethis.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * api.bazaarvoice.com stg.api.bazaarvoice.com *.cordialdev.com *.cordial.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cordialdev.com *.cordial.com *.cordial.io *.weltpixel.com https://player.vimeo.com https://www.youtube-nocookie.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com imgsct.cookiebot.com *.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.cordialdev.com *.cordial.com track.cordial.io edge.curalate.com d.p.email.balega.com acsbapp.com consent.cookiebot.com implus.atlassian.net https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://player.vimeo.com https://www.youtube.com *.cloudflare.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com display.ugc.bazaarvoice.com tagmanager.google.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.cordialdev.com *.cordial.com acsbapp.com cdn.acsbapp.com edge.curalate.com stats.g.doubleclick.net *.google-analytics.com *.facebook.net https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://www.gstatic.com https://fonts.gstatic.com static.zip.co *.afterpay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com https://secure-test.worldpay.com/shopper/3ds/ddc.html *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com https://*.google.com *.doubleclick.net *.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://pay.google.com https://secure-test.worldpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://*.googleapis.com https://*.googleusercontent.com https://maps.gstatic.com zip.co bpi.zip.co *.afterpay.com *.cloudflare.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.xtento.com cdn.xtento.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://maps.googleapis.com snapwidget.com *.zip.co d35p4vvdul393k.cloudfront.net *.optimonk.com https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com www.xtento.com cdn.xtento.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com display.ugc.bazaarvoice.com https://fonts.googleapis.com zip.co bpi.zip.co *.afterpay.com *.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://maps.googleapis.com *.zipmoney.com.au *.zip.co *.afterpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com static.livefish.com.au data: maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.limepay.com.au *.meetapril.io *.au.meetapril.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://meetanshi.com/media/logo.png moogento.com *.moogento.com * quickchart.io https://storage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.limepay.com.au *.au.meetapril.io *.moogento.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.ytimg.com *.wisermapp.com *.moogento.io *.facebook.net *.facebook.com *.doubleclick.net *.lr-in-prod.com static.livefish.com.au *.helpscout.net *.mailerlite.com https://static.mailerlite.com *.wisernotify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com static.livefish.com.au *.mailerlite.com *.wisernotify.com *.moogento.io assets.braintreegateway.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.livefish.com.au 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.limepay.com.au *.meetapril.io *.au.meetapril.io *.doubleclick.net *.googleapis.com *.facebook.com *.lr-in-prod.com *.cloudfront.net static.livefish.com.au *.wisermapp.com *.azurewebsites.net *.moogento.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://livefish.com.au/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-A8nJLMULTf7YFGh1zkgofQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src cl.avis-verifies.com *.criteo.net *.criteo.com *.adsrvr.org *.googlesyndication.com *.petitceller.com *.payments-amazon.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.redsys.es *.facebook.com *.amazon.es *.petitceller.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.amazon.es *.petitceller.com *.opiniones-verificadas.com *.avis-verifies.com *.googlesyndication.com c.avis-verifies.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.redsys.es *.facebook.com consentcdn.cookiebot.com *.amazon.com *.amazon.es *.criteo.com *.criteo.net *.opiniones-verificadas.com *.avis-verifies.com c.avis-verifies.com *.adsrvr.org *.googlesyndication.com *.petitceller.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.collect.igodigital.com *.cloudfront.net cl.avis-verifies.com *.google.com *.google.es *.facebook.com *.adsrvr.org *.clarity.ms *.rfihub.com *.doubleclick.net *.casalemedia.com *.adnxs.com *.bidswitch.net *.tremorhub.com *.netreviews.eu *.agkn.com *.rubiconproject.com *.yahoo.com *.bing.com *.taboola.com *.spotxchange.com *.gstatic.com *.advertising.com *.liadm.com *.smaato.net *.criteo.com *.criteo.net *.outbrain.com *.kargo.com *.addthis.com *.tapad.com *.smartadserver.com *.360yield.com *.pubmatic.com *.postrelease.com *.3lift.com *.adform.net *.media.net *.teads.tv *.rambler.ru *.aralego.com *.mail.ru *.yieldmo.com *.sharethrough.com *.yieldlab.net *.omnitagjs.com *.stickyadstv.com *.ivitrack.com *.mgid.com *.mediavine.com *.adotmob.com *.e-planning.net *.openx.net *.adscale.de *.rlcdn.com *.avis-verifies.com/ *.opiniones-verificadas.com *.magentocommerce.com/ *.googlesyndication.com *.dmxleo.com *.petitceller.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.collect.igodigital.com consent.cookiebot.com consentcdn.cookiebot.com *.googletagmanager.com cl.avis-verifies.com *.svn.avis-verifies.com *.avis-verifies.com *.bucket.cdnwebcloud.com *.facebook.com *.facebook.net *.google-analytics.com *.webgains.io *.clarity.ms *.googleapis.com *.googleadservices.com *.cdnwebcloud.com *.taboola.com *.criteo.com *.criteo.net *.adsrvr.org *.googlesyndication.com *.petitceller.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.collect.igodigital.com *.taboola.com *.google-analytics.com *.google.com *.doubleclick.net *.clarity.ms *.netreviews.eu *.cdnwebcloud.com *.opiniones-verificadas.com *.avis-verifies.com c.avis-verifies.com *.cookiebot.com *.paypal.com *.webgains.io *.facebook.com *.youtube.com *.adsrvr.org *.googlesyndication.com *.petitceller.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ie ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.ie *.spreadshirt.ie ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.ie ; font-src 'self' https: data: *.spreadshirt.ie ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ie ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ie ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com www.google.com *.googleapis.com www.njstart.gov www.googletagmanager.com marketplace.phi-production.cloud www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.klevu.com *.ksearchnet.com *.morplan.com *.kxcdn.com/ *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.facebook.com *.morplan.com *.kxcdn.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com account.fetchify.com https://www.googletagmanager.com/ *.trustpilot.com *.hotjar.com *.facebook.com *.kxcdn.com/ *.morplan.com *.youtube.com *.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.morplan.com *.linkedin.com *.bing.com *.adsymptotic.com *.google.com *.google.co.uk *.livehelp.it *.facebook.com *.googletagmanager.com *.uploadlibrary.com *.clarity.ms *.cartcontents.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.cgtrader.com unpkg.com *.trustpilot.com *.leadforensics.com *.facebook.net *.hotjar.com *.bing.com *.licdn.com *.windows.net *.livehelp.it *.clarity.ms *.doubleclick.net *.wheelofpopups.com *.cloudfront.net *.cloudflare.com *.cookielaw.org *.cartcontents.com *.morplan.com/ *.kxcdn.com/ assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.windows.net *.cloudfront.net *.cloudflare.com *.cookielaw.org *.morplan.com/ *.kxcdn.com/ unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.morplan.com *.kxcdn.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com thm.visa.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.google.com *.doubleclick.net *.hotjar.com *.clarity.ms *.liadm.com *.cgtrader.com *.freshrelevance.com am.freshrelevance.com wss://am.freshrelevance.com/ *.dycdn.net *.cloudfront.net *.cloudflare.com *.google-analytics.com *.trustpilot.com *.kxcdn.com/ *.oribi.io *.morplan.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; img-src 'self' data: uploads-ssl.webflow.com d1otoma47x30pg.cloudfront.net d3e54v103j8qbb.cloudfront.net; script-src 'self' 'unsafe-inline'; font-src 'self' data: uploads-ssl.webflow.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; manifest-src 'self'; connect-src webflow.com member.civsoc.net; 1
img-src https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ 'self' https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicstream.s3.amazonaws.com/CSIRESOURCES/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.custhelp.com services.bancopromerica.com.gt www.google.com wstasacambio.bancopromerica.com.gt *.facebook.net analytics.google.com *.gstatic.com www.googletagmanager.com *.linkedin.com www.google.com.gt *.cloudfront.net *.facebook.com us1.clevertap-prod.com www.google-analytics.com *.bluekai.com *.doubleclick.net *.licdn.com tags.bkrtx.com adservice.google.com *.oraclecloud.com maxcdn.bootstrapcdn.com www.bancopromerica.com.gt ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.cloudflare.com *.jsdelivr.net *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu sketchfab.com cl.avis-verifies.com *.doubleclick.net *.pinterest.com *.criteo.com *.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src *.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io *.sketchfab.com cl.avis-verifies.com *.contentsquare.net analytics.digital-metric.net *.demdex.net *.magentocommerce.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com  *.gstatic.com *.paypal.com *.paypalobjects.com *.ytimg.com *.avis-verifies.com *.digital-metric.net *.get-potions.com *.bing.com *.pinterest.com *.facebook.com *.mageside.com *.meetanshi.com *.mapbox.com *.openstreetmap.org *.googleapis.com *.braintreegateway.com *.interiors.fr/ *.google.com mageside.com https://meetanshi.com/media/logo.png https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net googleapis.com sdk.privacy-center.org tag.search.sensefuel.com tag.search.sensefuel.live widgets.rr.skeepers.io www.dwin1.com www.personalicanvas.com t.contentsquare.net try.abtasty.com www.googlecommerce.com partner.interiors.fr *.digital-metric.com *.digital-metric.net *.cloudfront.net hit.uptrendsdata.com cdn.matomo.cloud halc.iadvize.com client.get-potions.com *.carts.guru connect.facebook.net js-agent.newrelic.com *.pinimg.com *.bing.com *.app-us1.com *.frizbit.com ct.pinterest.com *.criteo.com *.googletagmanager.com *.google.com *.gstatic.com *.avada.io https://cdnjs.cloudflare.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com tag.search.sensefuel.com *.frizbit.com *.google-analytics.com *.googletagmanager.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu region1.google-analytics.com *.search.sensefuel.live dcinfos-cache.abtasty.com ariane.abtasty.com halc.iadvize.com api.iadvize.com client.get-potions.com *.carts.guru api.privacy-center.org hit.uptrendsdata.com bam.nr-data.net c.contentsquare.net *.google.com *.doubleclick.net *.frizbit.com *.pinterest.com maps.googleapis.com *.criteo.com *.googlesyndication.com *.google-analytics.com https://get.geojs.io *.avada.io https://nominatim.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.insight.com *.drift.com *.driftcdn.com *.launchdarkly.com www.googletagmanager.com play.vidyard.com *.aimtell.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.insight.com *.adroll.com *.atgsvcs.com *.custhelp.com *.webcollage.net *.driftt.com *.google.com *.marketo.com *.doubleclick.com *.doubleclick.net *.qualtrics.com assets.adobedtm.com cdn.lr-in-prod.com cdn.pricespider.com munchkin.marketo.net play.vidyard.com s.go-mpulse.net up.pixel.ad use.typekit.net ws.cs.1worldsync.com www.clarity.ms www.google-analytics.com www.googletagmanager.com www.youtube.com apps.bazaarvoice.com static.ads-twitter.com cdn-ukwest.onetrust.com cdn01.basis.net cdns.eu1.gigya.com code.jquery.com content.syndigo.com js.adsrvr.org *.cnetcontentsolutions.com mpsnare.iesnare.com unpkg.com www.googleadservices.com bat.bing.com cdn.cs.1worldsync.com cdn.tt.omtrdc.net connect.facebook.net i.simpli.fi lex.33across.com px.ads.linkedin.com s3.amazonaws.com snap.licdn.com *.hotjar.com t.sellpoints.com tracking.intentsify.io view.ceros.com w.usabilla.com ws.zoominfo.com xiecomm.paymetric.com blob:; style-src 'self' 'unsafe-inline' *.insight.com *.drift.com *.marketo.com code.jquery.com cdn.cs.1worldsync.com fonts.googleapis.com cdn.tt.omtrdc.net; img-src * data:; font-src 'self' data: *.insight.com fonts.gstatic.com use.typekit.net cdn.cs.1worldsync.com insightenterprises.qualtrics.com s.nsit.com svcs.tql.com at.alicdn.com; connect-src 'self' *.akamaihd.net *.clarity.ms *.gigya.com *.google.com *.google-analytics.com *.googlesyndication.com *.insight.com *.launchdarkly.com *.mktoresp.com *.akstat.io *.go-mpulse.net *.onetrust.com insightenterprises.tt.omtrdc.net stats.g.doubleclick.net www.google-analytics.com 366-uky-221.mktoutil.com adservice.google.com bat.bing.com cdn.aimtell.io cdn.linkedin.oribi.io cert-xiecomm.paymetric.com content.syndigo.com dpm.demdex.net et-qalogin.insight.com integration.richrelevance.com r.lr-in-prod.com rules.atgsvcs.com signals.aimtell.com sjrtp2.marketo.com smetrics.insight.com *.bazaarvoice.com ws.zoominfo.com *.adroll.com play.vidyard.com *.richrelevance.com www.facebook.com siteintercept.qualtrics.com *.googletagmanager.com; media-src player.vimeo.com www.youtube.com; object-src *.insight.com; frame-src 'self' *.adsrvr.org pixel.sitescout.com insight.demdex.net js.driftt.com app-abm.marketo.com centinelapistag.cardinalcommerce.com cert-xiecomm.paymetric.com html5-player.libsyn.com insightent.wufoo.com *.insight.com play.vidyard.com view.ceros.com www.youtube.com *.marketo.com *.doubleclick.net *.everestjs.net cbsi.demdex.net www.facebook.com beacon.aimtell.com; report-uri https://insight.report-uri.com/r/t/csp/wizard 1
font-src *.stripe.com *.google.com *.opayo.eu.elavon.com https://*.gstatic.com https://*.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net consentcdn.cookiebot.com consentcdn.cookiebot.eu *.stripe.com https://*.google.com *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw https://*.doubleclick.net https://*.hotjar.com https://*.braintreegateway.com https://*.paypal.com https://*.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com *.wepowerconnections.com imgsct.cookiebot.com imgsct.cookiebot.eu *.stripe.com https://*.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com https://*.googleapis.com https://*.gstatic.com https://*.doubleclick.net https://*.google.co.uk https://*.cloudfront.net https://*.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com consent.cookiebot.com consent.cookiebot.eu *.stripe.com https://www.google.com *.opayo.eu.elavon.com https://*.googleapis.com https://www.gstatic.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.cloudfront.net https://*.google-analytics.com https://*.paypal.com https://*.trustpilot.com https://*.zdassets.com https://*.zendesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com tagmanager.google.com *.facebook.net unpkg.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stripe.com https://*.googleapis.com *.opayo.eu.elavon.com https://*.typekit.net https://*.cloudfront.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.wepowerconnections.com https://the.sciencebehindecommerce.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com *.ideal-postcodes.co.uk https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://*.freshdesk.com wss://*.hotjar.com https://*.googleapis.com https://*.zdassets.com https://*.zendesk.com wss://*.zendesk.com https://*.smooch.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-s6p8EOuGa8RfsEmWrwwKhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://*.klevu.com https://*.gstatic.com https://*.typekit.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.doubleclick.net https://*.braintreegateway.com https://*.kaptcha.com https://*.paypal.com https://*.google.com https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.klevu.com https://*.paypal.com https://*.gumlet.io https://*.onetrust.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.cloudfront.net https://*.klevu.com https://*.google-analytics.com https://*.doubleclick.net https://*.braintreegateway.com https://*.paypal.com https://*.onetrust.com https://*.newrelic.com https://*.nr-data.net https://*.trackedweb.net https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://secure.leadforensics.com https://*.googleapis.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.cloudfront.net https://*.klevu.com https://*.googleapis.com https://*.typekit.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com tagmanager.google.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.freshdesk.com https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.braintreegateway.com https://*.braintree-api.com https://*.onetrust.com https://*.adobedc.net https://*.nr-data.net *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://static.xfarma.it *.gstatic.com *.fontawesome.com *.googleapis.com applepay.cdn-apple.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.payplug.com secure.payplug.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com *.wepowerconnections.com https://www.xfarma.it *.xfarma.it https://www.google.it *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/  https://www.google.com/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://www.xfarma.it *.xfarma.it https://cdn.doofinder.com https://eu1-search.doofinder.com https://pagead2.googlesyndication.com https://plausible.io https://widget.trustpilot.com *.trustpilot.com *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com tracking.trovaprezzi.it www.trovaprezzi.it https://www.googletagmanager.com tagmanager.google.com unpkg.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.xfarma.it *.trustpilot.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.wepowerconnections.com https://the.sciencebehindecommerce.com https://connect.facebook.net https://eu1-search.doofinder.com https://www.facebook.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://plausible.io https://pagead2.googlesyndication.com https://widget.trustpilot.com https://static.xfarma.it *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.net 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com https://*.cookiebot.com https://payment.unzer.com/ https://payment.heidelpay.com/ https://sbx-payment.heidelpay.com/ https://h.online-metrix.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net https://stats.g.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hsforms.net *.hsforms.com https://www.google.de https://services.postcodeanywhere.co.uk https://*.cookiebot.com https://dildoking.de https://*.dildoking.de https://*.cloudfront.net https://static.unzer.com *.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg https://www.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com jsd-widget.atlassian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hsforms.net *.hsforms.com https://*.cookiebot.com https://rec.smartlook.com https://click11202.pcapredict.com https://services.postcodeanywhere.co.uk https://js-agent.newrelic.com https://*.channeladvisor.com https://*.payments-amazon.com https://bam.nr-data.net https://static.unzer.com https://applepay.cdn-apple.com https://code.jquery.com https://h.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com https://services.postcodeanywhere.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com jsd-widget.atlassian.com api-private.atlassian.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com https://clickpool.tt.omtrdc.net https://*.cookiebot.com https://*.smartlook.cloud https://googleads.g.doubleclick.net https://services.postcodeanywhere.co.uk https://*.paypal.com https://*.amazon.com https://bam.nr-data.net https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://h.online-metrix.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://mobbex.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mobbex.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mobbex.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mobbex.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=g8Y634nz4BFQaGmCJ04tyC5POmS4V.fzATkoLxbOnsA-1721955582-1.0.1.1-Lom7zNOvrYhNUl8FR7YI8TaomsByka8AezXITRQ2j6O9NpuFOrcK8ao_2xkgDkUUaBTJopWfuCqheXdwfVTkc_Ius0DVCdiqp4HS1zx7fnIIMjdslneGfuwU1zdCc4Ywr9dEip7sben6_EtCvZPKc5P7.VntrHeLxOWC8CS9364; report-to cf-csp-endpoint 1
font-src fonts.gstatic.com fonts.googleapis.com newrelic.com www.google.com use.typekit.net maxcdn.bootstrapcdn.com *.myshopify.com *.shopify.com *.saas.talismaonline.com data: 'self' 'unsafe-inline'; form-action www.facebook.com *.facebook.com *.google.com *.saas.talismaonline.com 'self' 'unsafe-inline'; frame-ancestors gstatic.com *.saas.talismaonline.com *.myshopify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com social-plugins.line.me www.facebook.com www.google.com newrelic.com vault.omise.co www.youtube.com youtu.be https://cdn.omise.co *.weltpixel.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.myshopify.com *.shopify.com *.saas.talismaonline.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com lh3.googleusercontent.com *.googleusercontent.com platform-lookaside.fbsbx.com www.w3.org newrelic.com www.paypalobjects.com t.paypal.com s.ytimg.com www.google.co.in api.omise.co omise-gateway-production.s3.ap-southeast-1.amazonaws.com flagpedia.net *.myshopify.com *.shopify.com *.saas.talismaonline.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com omise.co cdn.omise.co maps.googleapis.com connect.facebook.net d.line-scdn.net js-agent.newrelic.com bam-cell.nr-data.net www.google.com www.gstatic.com newrelic.com cdn.iubenda.com www.iubenda.com www.google.co.in f.vimeocdn.com https://cdn.omise.co cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com newrelic.com www.google.com use.typekit.net p.typekit.net cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com *.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com bam-cell.nr-data.net newrelic.com www.google.com youtube.com googletagmanager.com paypal.com bam.nr-data.net webchat.dotdigital.com stats.g.doubleclick.net hits-i.iubenda.com www.facebook.com maps.googleapis.com https://cdn.omise.co webchat.staging.dotdigital.com www.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es https://www.google.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com s7.addthis.com *.avada.io https://www.google.com https://www.gstatic.com payment.preprod.direct.worldline-solutions.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es ekr.zdassets.com/ https://get.geojs.io *.avada.io payment.preprod.direct.worldline-solutions.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src 'self' 'unsafe-inline' https: data:;connect-src https: wss:;frame-src https:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data: blob:;media-src https: blob:; report-uri /csp_rep 1
script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikifunctions.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' login.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikifunctions.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wikibooks.org en.wikinews.org en.wikiquote.org en.wikisource.org en.wikiversity.org en.wikivoyage.org en.wiktionary.org www.mediawiki.org api.wikimedia.org commons.wikimedia.org foundation.wikimedia.org incubator.wikimedia.org species.wikimedia.org wikimania.wikimedia.org www.wikidata.org login.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikifunctions.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1
object-src 'none';base-uri 'self';script-src 'nonce-bFj5D7jyrjCXTRAA3zTw1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vjs.zencdn.net https://cdnjs.cloudflare.com static.cloudflareinsights.com https://view.ceros.com https://ad.doubleclick.net *.cloudfront.net https://www.googletagservices.com *.yieldify.com *.affiliatefuture.com https://connect.facebook.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ad.doubleclick.net https://www.google-analytics.com https://*.googletagmanager.com https://www.jazzhr.com http://app.jazz.co *.stackla.com https://lpcdn.lpsnmedia.net https://lptag.liveperson.net https://accdn.lpsnmedia.net https://va.v.liveperson.net *.knack.com *.cloud-database.co *.youtube.com *.ytimg.com *.moatads.com *.google.com https://service.force.com *.salesforce.com *.salesforceliveagent.com *.secure.force.com *.lightning.force.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.gstatic.com https://www.googleoptimize.com https://bat.bing.com https://*.clarity.ms/s/0.6.34/clarity.js https://sdk.joinsherpa.io https://cdn.amplitude.com/ *.tiktok.com *.salesforce-sites.com *.googlesyndication.com *.cookielaw.org https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://trackla.stackla.com http://vjs.zencdn.net/; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudfront.net https://cdnjs.cloudflare.com https://fonts.googleapis.com *.stackla.com https://vjs.zencdn.net *.cloud-database.co *.google.com *.salesforce.com https://service.force.com *.secure.force.com *.salesforce-sites.com https://ajax.aspnetcdn.com; img-src * 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io  https://*.g.doubleclick.net https://*.google.com https://*.google; media-src *; frame-src 'self' https://www.jazzhr.com *.applytojob.com http://app.jazz.co https://lpcdn.lpsnmedia.net *.stackla.com *.yieldify.com *.fls.doubleclick.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://view.ceros.com https://www.facebook.com *.affiliatefuture.com *.liveperson.net *.youtube.com *.knack.com *.newrelic.com *.google.com https://service.force.com https://sdk.joinsherpa.io https://apps.joinsherpa.io/ *.tiktok.com td.doubleclick.net https://topdecktravel.outgrow.us/; child-src 'self' https://www.jazzhr.com *.applytojob.com http://app.jazz.co https://lpcdn.lpsnmedia.net *.stackla.com *.yieldify.com *.fls.doubleclick.net *.hotjar.com https://view.ceros.com https://www.facebook.com *.affiliatefuture.com *.youtube.com *.knack.com *.newrelic.com; font-src 'self' data: *.stackla.com https://fonts.gstatic.com https://fonts.googleapis.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.cloud-database.co *.sfdcstatic.com; connect-src 'self' *.yieldify.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.doubleclick.net https://*.google.com https://*.google *.facebook.com *.google.com *.secure.force.com https://*.clarity.ms *.tiktok.com *.salesforce-sites.com *.salesforce.com topdeck-server-side-tagging-5oerkrosbq-ew.a.run.app https://bat.bing.com *.google.ie *.cookielaw.org *.onetrust.com; report-uri /report-csp-violation 1
object-src 'none';base-uri 'self';script-src 'nonce-QHF_-TQyl7qiqEzt_kVl0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-XkbbXTQH8favqbiVCLhSsg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src 'self' data: *; media-src * blob:; script-src 'self' https://k-business.com https://www.k-business.com https://*.usercentrics.eu https://service-proxy-logger-wfcmkywozq-ey.a.run.app *.googletagmanager.com *.google-analytics.com data: *.googleadservices.com snap.licdn.com cdn.linkedin.oribi.io www.youtube.com *.leadinfo.net  *.leadinfo.com vimeo.com 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net connect.facebook.net 'report-sample'; connect-src 'self' https://*.usercentrics.eu https://service-proxy-logger-wfcmkywozq-ey.a.run.app *.googletagmanager.com  *.google-analytics.com *.googleadservices.com snap.licdn.com cdn.linkedin.oribi.io noembed.com *.leadinfo.net *.leadinfo.com vimeo.com; frame-src 'self' https: https:; style-src 'self' 'unsafe-inline' hello.myfonts.net; font-src 'self'; manifest-src 'self' 1
font-src fonts.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.tawk.to *.cloudfront.net portaldasmalas.com.br data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.tawk.to *.cloudfront.net portaldasmalas.com.br 'self' 'unsafe-inline'; frame-ancestors portaldasmalas.com.br 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.twitter.com *.addthis.com *.hotjar.com *.facebook.com *.demdex.net *.tawk.to *.google.com.br *.g.doubleclick.net *.cloudfront.net *.weltpixel.com portaldasmalas.com.br 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io validate.fishpig.co.uk https://meetanshi.com/media/logo.png https://cdn.mundipagg.com https://api.pagar.me *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.avis-verifies.com *.jsdelivr.net *.google.com *.google.com.br *.facebook.com *.facebook.net *.demdex.net *.gstatic.com *.mundipagg.com *.meetanshi.com meetanshi.com *.g.doubleclick.net *.googletagmanager.com *.cloudfront.net *.magentocommerce.com.net *.netreviews.eu maps.gstatic.com portaldasmalas.com.br data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com cdn.ampproject.org raw.githubusercontent.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.hotjar.com *.addthis.com *.tawk.to *.jsdelivr.net *.facebook.net *.moatads.com *.avis-verifies.com *.addthisedge.com lib/web/jquery/patches/jquery-ui.js *.google.com.br *.g.doubleclick.net *.googletagmanager.com *.cloudfront.net sibautomation.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com portaldasmalas.com.br 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.jsdelivr.net *.tawk.to *.cloudfront.net tagmanager.google.com portaldasmalas.com.br 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com portaldasmalas.com.br 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org https://get.geojs.io *.avada.io https://api.mundipagg.com https://api.pagar.me *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.cardinalcommerce.com *.addthis.com *.tawk.to wss://*.tawk.to *.facebook.net *.google-analytics.com *.doubleclick.net *.demdex.net *.hotjar.com *.mundipagg.com *.cloudfront.net brasilapi.com.br in-automate.brevo.com portaldasmalas.com.br 'self' 'unsafe-inline'; child-src portaldasmalas.com.br http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src portaldasmalas.com.br 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-9bbEGalPfPg7XV0OKDY3aQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5IY9PZybTNpLe6O4aQHcDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-kvYcr5avbylzcagphEv-Vw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com portal.bulkgate.com *.gstatic.com *.mysport.lv *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de portal.bulkgate.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.sumo.com sumo.com *.sumome.com *.pinterest.com *.moatads.com *.google.lv *.google.com *.gstatic.com *.windows.net 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de portal.bulkgate.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.addthis.com *.google.lv *.gstatic.com *.windows.net *.facebook.com *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de portal.bulkgate.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com validate.fishpig.co.uk *.mysport.lv *.facebook.com *.google.lv *.google.com *.gstatic.com *.windows.net https://maps.omnivasiunta.lt 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de portal.bulkgate.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com *.mysport.lv *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.sumo.com sumo.com *.sumome.com *.pinterest.com *.moatads.com *.google.lv *.windows.net https://unpkg.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com portal.bulkgate.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.mysport.lv *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de portal.bulkgate.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.mysport.lv *.addthis.com *.doubleclick.net sumo.com *.google.lv *.google.com *.windows.net *.facebook.com https://geocode.arcgis.com *.google-analytics.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cdn.jsdelivr.net fonts.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com fonts.googleapis.com https://cdnjs.cloudflare.com *.jsdelivr.net *.almapay.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.youtube.com https://vimeo.com https://www.dailymotion.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://dam.meublesflahaut.adexos.cooking http://dam.pierre-lannier.fr *.bird.eu a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.googletagmanager.com https://www.facebook.com *.bing.com https://bat.bing.com https://googleads.g.doubleclick.net https://scontent.cdninstagram.com https://scontent-cdt1-1.cdninstagram.com https://scontent-cdg2-1.cdninstagram.com https://www.google.com https://www.google.fr https://fonts.gstatic.com *.clarity.ms *.imgix.net *.pierre-lannier.fr *.etrusted.com https://dam.pierre-lannier.fr https://a.tile.openstreetmap.fr https://maps.gstatic.com https://maps.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net jquery.sellxed.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://analytics.webgains.io https://www.googletagmanager.com https://connect.facebook.net http://bat.bing.com https://bat.bing.com http://tck.elitrack.com https://www.google.com https://www.gstatic.com *.clarity.ms *.axept.io *.tiktok.com *.etrusted.com https://maps.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com http://widgets.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://cdnjs.cloudflare.com *.etrusted.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com http://widgets.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://graph.instagram.com *.clarity.ms *.axept.io *.analytics.google.com https://analytics.tiktok.com https://nominatim.openstreetmap.org https://maps.googleapis.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://o4504298754015232.ingest.us.sentry.io/api/4505346520776704/security/?sentry_key=492fe70577744b12ae0ac2ce07320591;base-uri 'self';object-src 'none';default-src 'self' * data:;style-src 'self' 'unsafe-inline' *;script-src 'unsafe-eval' 'strict-dynamic' 'nonce-mOT6F4BlLBd5XxVSGeamB16oi09ml1EdEQoe9Brq' 1
default-src 'self'; report-uri https://engineer.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' guaporepneus.com.br *.guaporepneus.com.br guaporepneus.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.g.doubleclick.net *.googletagmanager.com *.google.com.br *.googleadservices.com *.jotfor.ms *.jotform.com api.jotform.com *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com *.pagseguro.com.br *.*.pagseguro.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.guaporepneus.com.br guaporepneus.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fitmoda.com.br *.fitmoda.com.br fitmoda.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.paypalobjects.com *.paypal.com *.smarthint.co *.g.doubleclick.net *.googleadservices.com *.google.com.br d335luupugsy2.cloudfront.net google.com.br *.rdstation.com.br *.facebook.net *.google-analytics.com *.google.cl *.google.com *.com.au *.com.pe *.google.sr *.com.bo *.google.ie *.fbits.net *.tawk.to *.soclminer.com.br *.co.jp google.co.jp googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com *.fitmoda.com.br google-analytics.com *.googletagmanager.com *.google.pt *.google.fr *.google.it *.uc.r.appspot.com stats.g.doubleclick.net googletagmanager.com connect.facebook.net *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net clarity.ms *.clarity.ms checkout.fitmoda.com.br *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com secure.lomadee.com *.lomadee.com 44.219.78.226 35.168.146.240 44.217.13.28 *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com *.pagseguro.com.br *.*.pagseguro.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.fitmoda.com.br fitmoda.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.abtasty.com *.googleapis.com *.gstatic.com oct8necdneu.azureedge.net/ *.peppermoneytest.es *.peppermoney.es 'self' data: widget.pepperfinance.es static-eu.oct8ne.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.cookiebot.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.oct8ne.com *.peppermoneytest.es *.peppermoney.es *.pepperfinance.es fledge-eu.creativecdn.com ams.creativecdn.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com maps.googleapis.com maps.gstatic.com https://img.youtube.com www.google.com www.google.es www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net *.pinterest.com *.facebook.com *.facebook.net *.bing.com *.clarity.ms tracker.metricool.com *.abtasty.com *.amazonaws.com *.oct8ne.com oct8necdneu.azureedge.net/ gstatic.com *.peppermoneytest.es oct8necdneu.azureedge.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: imgsct.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com s7.addthis.com *.cookiebot.com *.google.com www.google.es www.gstatic.com sl.google-analytics.com googleads.g.doubleclick.net *.googleapis.com s.pinimg.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.fittingbox.com js-agent.newrelic.com bam.nr-data.net *.clarity.ms tracker.metricool.com *.abtasty.com *.oct8ne.com *.peppermoneytest.es *.peppermoney.es assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com widget.pepperfinance.es 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.abtasty.com *.googleapis.com *.gstatic.com *.peppermoneytest.es *.peppermoney.es *.pepperfinance.es *.oct8ne.com oct8necdneu.azureedge.net tags.creativecdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com ekr.zdassets.com/ *.cookiebot.com www.google.com *.google.com www.google.es *.googleapis.com www.gstatic.com www.googletagmanager.com sl.google-analytics.com *.g.doubleclick.net s.pinimg.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.fittingbox.com js-agent.newrelic.com bam.nr-data.net *.clarity.ms *.abtasty.com *.oct8ne.com *.peppermoneytest.es *.peppermoney.es ams.creativecdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.com.pt https://www.myheritage.com.pt  'unsafe-eval' 'nonce-371c2b072d37fbfd15da5b6f0163a257' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.pt;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
frame-ancestors *.hana.ondemand.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src googleapis.com *.zdassets.com 'self' 'unsafe-inline'; font-src googleapis.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: 'self' 'unsafe-inline'; style-src googleapis.com getfirebug.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; connect-src static-forms.klaviyo.com googleapis.com facebook.com facebook.net klaviyo.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://fast.a.klaviyo.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; form-action googleapis.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-src googleapis.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com oppwa.com *.oppwa.com data:text *.google.com *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src googleapis.com widgets.magentocommerce.com 'unsafe-inline' data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://a.klaviyo.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'self' 'unsafe-inline'; script-src googleapis.com klaviyo.com facebook.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.google.com www.gstatic.com https://static.klaviyo.com https://fast.a.klaviyo.com *.klevu.com *.ksearchnet.com *.oppwa.com oppwa.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googleadservices.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src *.cardinalcommerce.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.cardinalcommerce.com *.cloudflare.com *.bootstrapcdn.com 'self' 'unsafe-inline'; frame-ancestors *.despegar.com/ 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com *.siteblindado.com.br *.avis-verifies.com *.octadesk.services *.cloudflare.com *.facebook.com *.google.com *.hotjar.com *.despegar.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.compreconfie.com.br *.avis-verifies.com *.cloudflare.com *.facebook.com *.google.com.br *.tcdn.com *.despegar.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.croapp.net *.googletagmanager.com googleads.g.doubleclick.net *.avis-verifies.com *.siteblindado.com *.fontawesome.com *.octadesk.services *.cloudflare.com *.getfirebug.com *.twitter.com *.facebook.net *.dinamize.com *.gstatic.com *.goadopt.io *.usebeon.io *.hotjar.com *.google.com *.omguk.com *.despegar.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.cloudflare.com *.facebook.net *.goadopt.io *.usebeon.io *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.siteblindado.com.br *.avis-verifies.com *.cloudflare.com *.hotjar.com *.goadopt.io *.usebeon.io *.paypal.com *.despegar.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src d.digsgogo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=labuznik 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.creditguard.co.il cguat2.creditguard.co.il cgmpiuat.creditguard.co.il ppsuat.creditguard.co.il pps.creditguard.co.il 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://meetanshi.com/media/logo.png www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com api.creditguard.co.il cguat2.creditguard.co.il cgmpiuat.creditguard.co.il ppsuat.creditguard.co.il pps.creditguard.co.il data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.creditguard.co.il cguat2.creditguard.co.il cgmpiuat.creditguard.co.il ppsuat.creditguard.co.il pps.creditguard.co.il 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com b.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.klevu.com *.zohostatic.com *.gstatic.com *.bootstrapcdn.com data: *.klarnacdn.net *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com *.weltpixel.com *.doubleclick.net *.facebook.com *.zohopublic.com *.trustpilot.com *.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com store.paradoxlabs.com *.klarna.com *.klarnaevt.com *.klarnacdn.net maps.googleapis.com maps.gstatic.com *.marchex.io *.google.com *.facebook.com *.klevu.com *.lebos.com *.doubleclick.net *.fbcdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ksearchnet.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnacdn.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.klevu.com *.marchex.io *.ksearchnet.com *.trackedweb.net *.mouseflow.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.trackedlink.net *.gstatic.com www.google.com *.zoho.com *.zohostatic.com *.cloudfront.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.avada.io *.authorize.net *.trustpilot.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.klevu.com *.bootstrapcdn.com *.zohostatic.com *.cloudfront.net *.klarnacdn.net https://static.klaviyo.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.trustpilot.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.ksearchnet.com *.trackedweb.net *.zoho.com *.zohopublic.com wss://vts.zohopublic.com/ *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com https://get.geojs.io *.avada.io *.authorize.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-rnHUC1BkHL49JJ313rCi2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; report-uri /api/csp/log-csp; frame-ancestors 'self' https://*.konicaminolta.com.au https://*.uat.madewithdevotion.com.au http://*.uat.madewithdevotion.com.au https://cms-kentico.konicaminolta.com.au; style-src 'self' 'unsafe-inline' *.googleapis.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.shopifycdn.com *.demio.com *.ambithub.com; font-src 'self' data: *.googleapis.com *.gstatic.com; img-src 'self' data: *.madewithdevotion.com.au *.imgix.net purecatamphetamine.github.io *.ambithub.com *.siteimproveanalytics.io www.google-analytics.com *.linkedin.com www.google.com www.google.com.au www.facebook.com *.monsido.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.monsido.com *.googlesyndication.com *.facebook.net *.siteimproveanalytics.com www.googletagservices.com cdnjs.cloudflare.com www.google.com www.gstatic.com maps.gstatic.com maps.googleapis.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.youtube.com *.shopifycdn.com *.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com maps.gstatic.com maps.googleapis.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com googleadservices.com googleads.g.doubleclick.net www.youtube.com query.yahooapis.com *.azure.com *.shopifycdn.com *.marketo.com *.demio.com *.jsdelivr.net siteimproveanalytics.com *.ambithub.com *.polyfill.io *.licdn.com *.facebook.net *.taboola.com *.oribi.io *.monsido.com *.adsrvr.org www.clarity.ms *.avanser.com *.googlesyndication.com *.doubleclick.net www.googletagservices.com; connect-src 'self' 'unsafe-inline' www.google.com www.gstatic.com maps.gstatic.com maps.googleapis.com ajax.googleapis.com www.google-analytics.com www.youtube.com stats.g.doubleclick.net cdn.plyr.io *.algolia.net *.algolianet.com *.demio.com *.ambithub.com *.visualstudio.com *.google.com *.doubleclick.net *.taboola.com *.googlesyndication.com *.clarity.ms *.monsido.com www.google.com.au *.mktoresp.com *.mktoutil.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' www.google.com www.youtube.com *.konicaminolta.com *.cloudfront.net *.doubleclick.net *.adsrvr.org 1
object-src 'none';base-uri 'self';script-src 'nonce-gQfIxCLQLUhOqbB33FXITg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-GlB1KsLGzlobs0sCUxMW4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com *.gstatic.com seal.digicert.com *.facebook.net ingress-prd.credisiman.com stats.siman.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.gstatic.com data: *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.modirum.com *.alphaecommerce.gr 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com https://www.magezon.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com *.avada.io *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cdn.jsdelivr.net fonts.gstatic.com *.google-analytics.com *.googleapis.com *.analytics.google.com fonts.googleapis.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.google-analytics.com *.googleapis.com *.analytics.google.com maps.gstatic.com *.trackedlink.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.openstreetmap.org maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.google-analytics.com *.googleapis.com *.analytics.google.com *.db-ip.com maps.googleapis.com js-agent.newrelic.com bam.nr-data.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ maps.gstatic.com fonts.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.google-analytics.com *.googleapis.com *.analytics.google.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.getalma.eu *.google-analytics.com *.googleapis.com *.analytics.google.com *.db-ip.com maps.googleapis.com bam.nr-data.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.klarnacdn.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com eadn-wc03-463152.nxedge.io customneon.com customneon.com.au customneon.co.uk/ eadn-wc02-9281796.nxedge.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.twitter.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.google.com/ www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.klarna.com *.limepay.com.au *.twitter.com *.consensu.org *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.trustpilot.com checkout.bluesnap.com ssl.kaptcha.com portal.afterpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.co.in lh3.googleusercontent.com phosphor.utils.elfsightcdn.com px.ads.linkedin.com d.adroll.com eadn-wc02-9281796.nxedge.io *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com apis.google.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.limepay.com.au *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.sharethis.com *.googletagmanager.com *.facebook.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.trustpilot.com www.google.co.in static.elfsight.com apps.elfsight.com maps.googleapis.com cdn.audiencelab.io s.adroll.com d.adroll.com static.zdassets.com cdn.websitepolicies.io snap.licdn.com ssl.kaptcha.com universe-static.elfsightcdn.com eadn-wc02-9281796.nxedge.io https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com https://static.klaviyo.com *.klarnacdn.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu unsafe-inline *.trustpilot.com cdn.websitepolicies.io eadn-wc02-9281796.nxedge.io tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org *.sharethis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com static.elfsight.com apps.elfsight.com service-reviews-ultimate.elfsight.com maps.googleapis.com ekr.zdassets.com pixel.audiencelab.io app.audiencelab.io pro.ip-api.com a.usbrowserspeed.com storage.elfsight.com customneon.zendesk.com stats.g.doubleclick.net d.adroll.com cdn.linkedin.oribi.io core.service.elfsight.com portal.afterpay.com ssl.kaptcha.com custom-neon.ts.r.appspot.com px.ads.linkedin.com www.facebook.com eadn-wc02-9281796.nxedge.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com https://*.hotjar.com https://static.klaviyo.com https://surveys-static.survicate.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com https://cosmetis.pt https://cosmetis.com.br 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.google.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com secure.authorize.net test.authorize.net js.stripe.com m.stripe.com x.klarnacdn.net klarna.com *.weltpixel.com vars.hotjar.com https://api.ebanxpay.com *.doubleclick.net *.stripe.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.cosmetis.pt *.mcusercontent.com *.cloudflare.com *.gstatic.com *.google.com *.google.pt *.google.es *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.tradetracker.net *.pampanetwork.com *.mailchimp.com *.cloudfront.net ifthenpay.com https://*.clarity.ms https://c.bing.com https://*.hotjar.com https://content.mercadopago.com https://cosmetis.boost.propelbon.com https://static.zdassets.com http://action.metaffiliation.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com apis.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com https://chimpstatic.com https://www.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com tagmanager.google.com https://*.hotjar.com 'unsafe-inline' *.zdassets.com *.zendesk.com *.mailchimp.com mc.us6.list-manage.com *.newrelic.com *.nr-data.net *.doubleclick.net *.activehosted.com *.cloudfront.net wss://*.zopim.com wss://*.wizzy.ai *.app-us1.com trackcmp.net js.ebanx.com https://cdn.ebanx.com https://content.mercadopago.com x.cnt.my *.x.cnt.my citydsp.com https://*.clarity.ms https://www.googleoptimize.com https://survey.survicate.com https://surveys-static.survicate.com https://googleads.g.doubleclick.net https://*.cookie-script.com https://api6.ipify.org https://zuc.cosmetis.pt https://tdj.cosmetis.com.br *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.zendesk.com *.mailchimp.com https://www.googletagmanager.com https://*.hotjar.com 'unsafe-inline' https://surveys-static.survicate.com *.trustpilot.com 'self' 'unsafe-inline'; object-src https://content.mercadopago.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.google.co.in *.google-analytics.com stats.g.doubleclick.net *.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.zdassets.com *.zendesk.com *.zopim.com wss://*.zopim.com *.nr-data.net wss://*.wizzy.ai https://*.wizzy.ai https://*.clarity.ms https://surveystats.hotjar.io https://content.hotjar.io https://metrics.hotjar.io https://vc.hotjar.io wss://pod-18.zendesk.com *.ebanxpay.com https://region1.analytics.google.com https://googleads.g.doubleclick.net https://gtm.cosmetis.pt https://gtm.cosmetis.com.br https://zuc.cosmetis.pt https://tdj.cosmetis.com.br t.elasticsuite.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-KAsafw2XCZyOi1mWL0jUGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'report-sample' 'self' https://a.realsrv.com/ad-provider.js https://ajfnee.com/p/waWQiOjExMzUyMzUsInNpZCI6MTE2MDcxNiwid2lkIjozNzgyNTIsInNyYyI6Mn0=eyJ.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://yqmxfz.com/pw/waWQiOjExMzUyMzUsInNpZCI6MTE2MDcxNiwid2lkIjozNzgyNTEsInNyYyI6Mn0=eyJ.js; style-src 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://kiynew.com https://prhzxq.com https://region1.google-analytics.com https://syndication.realsrv.com https://www.google-analytics.com https://yqmxfz.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.google.com; img-src 'self' data: https://eliss-vas.com https://i.wmgtr.com https://s.w.org https://s3t3d2y8.afcdn.net https://secure.gravatar.com https://www.google-analytics.com; manifest-src 'self'; media-src 'self' https://s3t3d2y8.afcdn.net; report-uri https://632c6046ef389e2c71225394.endpoint.csper.io/?v=5; worker-src blob:; 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com applepay.cdn-apple.com *.revolut.com *.google.com google.com *.cdn-apple.com cdn.polyfill.io pay.google.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.fonts.googleapis.com data: *.cloudflare.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.revolut.com *.google.com *.cdn-apple.com cdn.polyfill.io google.com pay.google.com *.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com business.facebook.com *.doubleclick.net *.google.com *.google.it *.pathmonk.com *.visualwebsiteoptimizer.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.payplug.com secure.payplug.com *.revolut.com *.cdn-apple.com cdn.polyfill.io *.gstatic.com webservices.securetrading.net *.addthis.com *.pinterest.com *.trustpilot.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com  *.googleapis.com *.adobe.com *.demdex.net *.magentocommerce.com *.doubleclick.net google.com *.youtube.co *.paypal.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.doofinder.com business.facebook.com https://images.unsplash.com *.google.it *.pathmonk.com *.visualwebsiteoptimizer.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.revolut.com *.google.com *.cdn-apple.com cdn.polyfill.io pay.google.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com  https://magento.com *.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.facebook.com business.facebook.com int-ecommerce.nexi.it ecommerce.nexi.it www.google.com www.gstatic.com *.cloudflare.com *.twitter.com *.google-analytics.com google.com *.google.it *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.iubenda.com *.plerdy.com *.analytics.google.com *.pathmonk.com *.visualwebsiteoptimizer.com *.varify.io *.kk-resources.com *.doubleclick.net *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.payplug.com applepay.cdn-apple.com *.revolut.com *.google.com *.cdn-apple.com cdn.polyfill.io *.development.scalapay.com *.staging.scalapay.com *.scalapay.com webservices.securetrading.net songbirdstag.cardinalcommerce.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doofinder.com cdn.dnky.co webchat.dotdigital.com *.doubleclick.net *.google.com *.google.it *.pathmonk.com *.visualwebsiteoptimizer.com *.fontawesome.com unsafe-inline *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.gstatic.com *.trustpilot.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.google.com *.google.it *.pathmonk.com *.visualwebsiteoptimizer.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com  *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com business.facebook.com int-ecommerce.nexi.it ecommerce.nexi.it *.plerdy.com *.doubleclick.net google.com *.google.it *.varify.io *.googlesyndication.com *.iubenda.com *.pathmonk.com *.resources.com *.visualwebsiteoptimizer.com https://get.geojs.io *.avada.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.revolut.com *.google.com *.cdn-apple.com cdn.polyfill.io pay.google.com *.gstatic.com o402164.ingest.sentry.io *.cloudflare.com *.paypal.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.google-analytics.com analytics.google.com *.facebook.net https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://smarterstore.it/; report-to report-endpoint; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.co.il https://www.myheritage.co.il  'unsafe-eval' 'nonce-9d8b06985175dfa8f2c362ac038e51c2' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.co.il;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bannerflow.net *.lampenwelt.de *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://cdn.consentmanager.net https://delivery.consentmanager.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com challenges.cloudflare.com https://www.recaptcha.net/recaptcha/ *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.adyen.com *.brsrvr.com *.bloomreach.cloud https://cdn.consentmanager.net https://delivery.consentmanager.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu lw-cdn.com *.adingo.jp *.adnxs.com *.aralego.com *.bing.com *.bidswitch.net *.bluekai.com *.casalemedia.com *.clmbtech.com *.contentsquare.net *.consentmanager.net *.criteo.com *.dable.io *.doubleclick.net *.google.com *.googleapis.com *.lampenwelt.de *.linkedin.com *.media.net *.outbrain.com *.pubmatic.com *.rlcdn.com *.roeyecdn.com *.rubiconproject.com *.smaato.net *.smartadserver.com *.socdm.com *.stickyadstv.com *.taboola.com *.teads.tv *.unrulymedia.com *.yahoo.com *.yieldmo.com *.1rx.io *.3lift.com *.360yield.com *.storyblok.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com collector.sst.nettilamppu.fi data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.brcdn.com https://cdn.consentmanager.net https://delivery.consentmanager.net secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io challenges.cloudflare.com https://www.recaptcha.net/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.aticdn.net *.bing.com *.criteo.com *.contentsquare.net https://delivery *.doubleclick.net *.dwin1.com *.facebook.net *.hello-charles.com *.kk-resources.com *.lampenwelt.de *.licdn.com *.pinimg.com *.pinterest.com *.roeyecdn.com *.salesforceliveagent.com *.scarabresearch.com *.force.com *.tiktok.com *.kameleoon.eu https://js-agent.newrelic.com *.storyblok.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.trustpilot.com collector.sst.nettilamppu.fi 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com d.ratepay.com d.payla.io dr.payla.io *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.force.com *.storyblok.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.dxpapi.com https://cdn.consentmanager.net https://delivery.consentmanager.net payments.amazon.de d.ratepay.com jsctool.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.contentsquare.net *.criteo.com *.doubleclick.net *.googleadservices.com *.hello-charles.com *.lampenwelt.de *.linkedin.com *.pa-cd.com *.pinterest.com *.tiktok.com *.wepowerconnections.com *.xiti.com *.kameleoon.io https://bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.trustpilot.com collector.sst.nettilamppu.fi 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-collector.magento.lampenwelt.tech; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com *.royalph.com *.google.com.eg *.snapchat.com *.facebook.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com blueskytechmage.com mageblueskytech.com placehold.jp ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.static.hotjar.com *.sc-static.net *.rum-static.pingdom.net *.analytics.tiktok.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.tr.snapchat.com *.tr6.snapchat.com *.google.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com https://www.youtube.com oppwa.com *.oppwa.com data:text *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com www.vimeo.com www.youtube.com https://static.klaviyo.com https://fast.a.klaviyo.com js.klevu.com *.ksearchnet.com https://maps.google.com/ *.google.com *.oppwa.com oppwa.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://fast.a.klaviyo.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; img-src https://widgets.payflex.co.za/ widgets.magentocommerce.com 'unsafe-inline' data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://a.klaviyo.com *.klevu.com *.ksearchnet.com https://www.magezon.com oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.zopim.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.magerocket.com *.gocuotas.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com *.doubleclick.com *.getblue.io *.addtoany.com *.magerocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gocuotas.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.metricool.com *.google.com.ar *.google.com *.storydots.app storydots.app *.magerocket.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gocuotas.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.aptrinsic.com *.facebook.net *.facebook.com *.zopim.com *.zdassets.com *.embluemail.com *.getblue.io *.doubleclick.com *.newrelic.com *.nr-data.net *.addtoany.com *.woowup.com *.storydots.app storydots.app *.magerocket.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gocuotas.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com unsafe-inline *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.net *.facebook.com *.zopim.com *.zdassets.com *.doubleclick.com *.nr-data.net *.storydots.app storydots.app *.magerocket.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gocuotas.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.aptrinsic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com https://*.gstatic.com https://*.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://*.google.com *.sagepay.com *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw account.fetchify.com https://*.doubleclick.net https://*.hotjar.com js.stripe.com hooks.stripe.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net *.stripe.com https://*.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://*.doubleclick.net https://*.google.co.uk https://*.cloudfront.net store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://www.google.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com js.stripe.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://*.googleapis.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com https://*.typekit.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com www.xtento.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.addthis.com http://*.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ 'self' data: https://www.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.xtento.com cdn.xtento.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com https://eb2.3lift.com https://ib.adnxs.com https://*.adroll.com http://*.adroll.com https://*.bidswitch.net https://dsum-sec.casalemedia.com https://www.google.com.au https://www.google.com.vn https://idsync.rlcdn.com https://pixel.rubiconproject.com https://us-u.openx.net https://sync.outbrain.com https://image2.pubmatic.com https://sync.taboola.com https://ups.analytics.yahoo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com www.xtento.com cdn.xtento.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.addthis.com http://*.addthis.com https://v1.addthisedge.com https://*.adroll.com http://*.adroll.com https://t.cfjump.com https://static.hotjar.com http://static.hotjar.com https://script.hotjar.com https://*.newrelic.com https://z.moatads.com https://widgets.pinterest.com http://widgets.pinterest.com https://analytics.tiktok.com https://cfjump.windsorsmith.com.au https://static.zdassets.com https://v2.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ *.squarecdn.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://s.adroll.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://stats.g.doubleclick.net *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://*.addthis.com http://*.addthis.com https://*.adroll.com http://*.adroll.com https://static.hotjar.com http://static.hotjar.com https://analytics.tiktok.com https://*.zdassets.com https://windsorsmith.zendesk.com https://bam.nr-data.net https://vc.hotjar.io https://*.afterpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ujgMTnjO2G7SanhosLeBjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.bglobale.com *.global-e.com *.fontawesome.com *.gstatic.com 'self' data: *.cloudflare.com *.makeupar.com *.rakuten.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.americanexpress.com *.arcot.com *.creditmutuel.fr *.mercurypaymentservices.it *.nexi.it *.nexigroup.com *.redsys.es *.rsa3dsauth.co.uk *.rsa3dsauth.com *.securesuite.co.uk *.securesuite.net *.cardinalcommerce.com facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com www.google.com *.bglobale.com *.global-e.com checkout.postfinance.ch fragranceprofiler-storieveneziane.com *.qualifioapp.com *.sproutvideo.com *.timify.com *.webotit.ai *.3dsecure-csas.cz *.americanexpress.com *.arcot.com *.asseco-see.hr *.cardinalcommerce.com *.cic.fr *.cooppank.ee *.creditmutuel.fr *.dnp-cdms.jp *.mercurypaymentservices.it *.nexi.it *.redsys.es *.rsa3dsauth.co.uk *.rsa3dsauth.com *.secure.lcl.fr *.securesuite.net *.sparkasse.at *.criteo.com *.criteo.net doubleclick.net *.doubleclick.net facebook.com *.facebook.com *.googlesyndication.com tracead.com *.tracead.com *.trustcommander.net youtu.be *.youtu.be youtube-nocookie.com pay.google.com *.nexigroup.com *.securesuite.co.uk *.wlp-acs.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com *.bglobale.com *.global-e.com https://images.unsplash.com checkout.postfinance.ch 'self' data: s3s.fr *.s3s.fr *.amazonaws.com *.makeupar.com *.shipup.co adsrvr.org *.adsrvr.org *.baidu.com bing.com *.bing.com boxclone.com *.clarity.ms *.criteo.net http://sync.commander1.com/ commander1.com *.commander1.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com *.facebook.net *.fillr.com goldenbees.fr *.goldenbees.fr google-analytics.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com linksynergy.com *.linksynergy.com sync.smartadserver.com tagcommander.com *.tagcommander.com *.tiktok.com *.trustcommander.net *.google.ad *.google.ae *.google.af *.google.ag *.google.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.nr-data.net abtasty.com *.abtasty.com quanta.io *.quanta.io google.com *.google.com *.googleapis.com gstatic.com *.gstatic.com lamaisonvalmont.com *.lamaisonvalmont.com *.cookielaw.org data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bglobale.com *.global-e.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ checkout.postfinance.ch *.google.com *.gstatic.com *.amazonaws.com *.cloudflare.com *.makeupar.com *.qualifio.com *.qualifioapp.com *.rewardstyle.com *.shipup.co *.timify.com *.webotit.ai adition.com *.adition.com adnxs.com *.adnxs.com adventori.com *.adventori.com bing.com *.bing.com boxclone.com clarity.ms *.clarity.ms commander1.com *.commander1.com criteo.com *.criteo.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net *.giocdn.com googleadservices.com *.googleadservices.com *.googlesyndication.com hublosk.com jullyambery.net nxtck.com *.nxtck.com rakuten.com *.rakuten.com *.tagcommander.com tiktok.com *.tiktok.com tracead.com *.tracead.com *.trustcommander.net conoret.com newrelic.com nr-data.net *.hotjar.com *.tkrconnector.com abtasty.com *.abtasty.com quanta.io *.quanta.io googleapis.com *.googleapis.com youtube.com *.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.bglobale.com *.global-e.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.shipup.co 'self' 'unsafe-inline'; object-src *.youtube.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ t.elasticsuite.io *.google-analytics.com fondationvalmont.com *.cloudflare.com *.ipify.org *.makeupar.com *.shipup.co *.valmontcosmetics.com *.hotjar.com wss://*.hotjar.com *.tkrconnector.com bing.com *.bing.com commander1.com *.commander1.com clarity.ms *.clarity.ms *.doubleclick.net *.facebook.com google.com *.google.com *.googlesyndication.com *.googletagmanager.com tiktok.com *.tiktok.com yandex.ru *.google.ad *.google.ae *.google.af *.google.ag *.google.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw nr-data.net abtasty.com *.abtasty.com *.hotjar.io noembed.com *.noembed.com quanta.io *.quanta.io plyr.io *.plyr.io googleapis.com *.googleapis.com *.cookielaw.org *.onetrust.com *.trustcommander.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://valmont.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://www.youtube.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://*.addthis.com https://*.moatads.com https://*.addthisedge.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://graph.facebook.com https://platform-lookaside.fbsbx.com https://fbcdn.net https://adorable.io https://*.amazonaws.com https://*.fbcdn.net https://*.adorable.io *.fbcdn.net *.adorable.io https://i.ytimg.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com data:; media-src 'self' https://*.amazonaws.com data:; connect-src 'self' https://stage-admin.ownagepranks.com https://www.google-analytics.com https://api-public.addthis.com https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com https://js.stripe.com https://*.addthis.com https://www.facebook.com; font-src 'self' fonts.gstatic.com data:; worker-src blob: 1
object-src 'none';base-uri 'self';script-src 'nonce-mnK6DdhIHiALSx-H_qDkNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com https://media.laspepas.com.ar https://fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.mercadolibre.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com http://www.afip.gob.ar https://notifications-icommkt.website https://media.laspepas.com.ar *.postimg.cc *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.avada.io https://maps.google.com https://www.googletagmanager.com/ https://www.google.com/pagead/conversion_async.js https://googleads.g.doubleclick.net *.cloudfront.net/ *.mlstatic.com *.mercadopago.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://media.laspepas.com.ar https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io https://maps.googleapis.com/ https://track-icommkt.com/ https://notifications-icommkt.com https://www.mailing.laspepas.com.ar *.mercadopago.com *.mercadolibre.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.alothemes.com *.magepow.com www.lochcarron.co.uk https://fonts.gstatic.com/ https://script.hotjar.com/ https://fonts.googleapis.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.lochcarron.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.lochcarron.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com www.google.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com www.lochcarron.co.uk *.issuu.com *.pinterest.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com www.lochcarron.co.uk lochcarron.d6staging.co.uk *.google.com *.google.co.uk *.feefo.com *.gstatic.com *.facebook.com *.pinterest.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com www.lochcarron.co.uk lochcarron.d6staging.co.uk *.zendesk.com *.zdassets.com *.facebook.com *.facebook.net *.doubleclick.net *.feefo.com *.pcapredict.com *.cloudflareinsights.com https://s.pinimg.com/ https://*.hotjar.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com www.lochcarron.co.uk lochcarron.d6staging.co.uk https://fonts.googleapis.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.lochcarron.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.lochcarron.co.uk *.zendesk.com *.zdassets.com *.feefo.com https://*.analytics.google.com/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.lochcarron.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.lochcarron.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.addtoany.com/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://stats.addtoany.com/menu *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'strict-dynamic' 'nonce-l6yVU047DGyW2Fjv78VzGMT2+2g24kyjHTtdIuN/9Us=' 'unsafe-inline' http: https:;object-src 'none';base-uri 'none';frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' https://www.musculardystrophyuk.org; img-src 'self' data: https: https://www.musculardystrophyuk.org https://*.analytics.google.com https://*.google-analytics.com; font-src 'self' data: https://www.musculardystrophyuk.org https://*.fundraiseup.com https://*.gstatic.com https://*.tawk.to/ https://*.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.musculardystrophyuk.org https://*.cookiebot.com https://*.crazyegg.com https://*.facebook.net https://*.fundraiseup.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.licdn.com https://*.monsido.com https://*.muchloved.com https://*.paypal.com https://*.stripe.com https://*.tawk.to/ https://*.userway.org https://*.youtube.com https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdn.jsdelivr.net/npm/air-datepicker@3.3.5/air-datepicker.min.js https://cdnjs.cloudflare.com/ajax/libs/easyXDM/2.4.19/easyXDM.min.js https://muscular-dystrophyuk.org; style-src 'self' 'unsafe-inline' https://www.musculardystrophyuk.org https://*.googleapis.com https://*.tawk.to/ https://*.userway.org https://cdn.jsdelivr.net/npm/air-datepicker@3.3.5/air-datepicker.min.css; frame-src 'self' https://www.musculardystrophyuk.org https://*.cookiebot.com https://*.google.com https://*.muchloved.com https://*.paypal.com https://*.stripe.com https://*.thinglink.com/ https://*.vimeo.com https://*.youtube-nocookie.com https://*.youtube.com https://api.userway.org https://facetwp.com https://muscular-dystrophyuk.org/ https://userway.org; connect-src 'self' https://www.musculardystrophyuk.org https://*.cookiebot.com https://*.crazyegg.com https://*.doubleclick.net https://*.facebook.com https://*.fundraiseup.com https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.linkedin.com https://*.monsido.com https://*.paypal.com https://*.stripe.com https://*.tawk.to/ https://*.userway.org https://api.addressy.com https://fndrsp-checkout.net https://fndrsp.net https://google.com https://stats.g.doubleclick.net https://vimeo.com https://yoast.com wss://*.tawk.to/ 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: *.callbackhunter.com;  1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://csplogger.verona.hoppinger.com/log 1
img-src 'self' data: https://i0.wp.com  https://scontent-ams4-1.cdninstagram.com  https://www.googletagmanager.com  https://fundingchoicesmessages.google.com  https://pagead2.googlesyndication.com  https://scontent-ams2-1.cdninstagram.com  https://ssl.google-analytics.com  https://www.gstatic.com  https://pixel.wp.com  https://2.gravatar.com  https://www.google-analytics.com  https://i.ytimg.com  https://c0.wp.com  https://region1.google-analytics.com  https://en.wordpress.com  https://0.gravatar.com  https://graph.facebook.com  https://translate.google.com  https://fonts.gstatic.com  https://lm.facebook.com  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org ; default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com  https://pagead2.googlesyndication.com  https://fundingchoicesmessages.google.com  https://cdn.ampproject.org  https://c0.wp.com  https://www.googletagmanager.com  https://secure.gravatar.com  https://ssl.google-analytics.com  https://stats.wp.com  https://www.google-analytics.com  https://www.youtube.com  https://connect.facebook.net  https://tpc.googlesyndication.com  https://s0.wp.com  https://widgets.wp.com  https://public-api.wordpress.com  https://platform.twitter.com  https://www.gstatic.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com  https://pagead2.googlesyndication.com  https://fundingchoicesmessages.google.com  https://cdn.ampproject.org  https://c0.wp.com  https://www.googletagmanager.com  https://secure.gravatar.com  https://ssl.google-analytics.com  https://stats.wp.com  https://www.google-analytics.com  https://www.youtube.com  https://connect.facebook.net  https://tpc.googlesyndication.com  https://s0.wp.com  https://widgets.wp.com  https://public-api.wordpress.com  https://platform.twitter.com  https://www.gstatic.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://c0.wp.com  https://0.gravatar.com  https://s0.wp.com  https://widgets.wp.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://www.gstatic.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://c0.wp.com  https://0.gravatar.com  https://s0.wp.com  https://widgets.wp.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://www.gstatic.com ; font-src 'self' https://fonts.gstatic.com  https://s0.wp.com  https://c0.wp.com  https://s1.wp.com  data:; frame-src 'self' https://pagead2.googlesyndication.com  https://googleads.g.doubleclick.net  https://www.google.com  https://regionoordkop.nl  https://jetpack.wordpress.com  https://www.youtube.com  https://widgets.wp.com  https://tpc.googlesyndication.com  https://securepubads.g.doubleclick.net  https://videostream.regionoordkop.nl  blob:; connect-src 'self' https://region1.google-analytics.com  https://fundingchoicesmessages.google.com  https://csi.gstatic.com  https://pagead2.googlesyndication.com  https://www.google-analytics.com  https://ssl.google-analytics.com  https://d-2360332268794335181.ampproject.net  https://secure.gravatar.com  https://d-41330975111536646549.ampproject.net  https://cdn.ampproject.org  https://d-36493041751635965080.ampproject.net  https://d-2773816175503792647.ampproject.net  https://d-176039447659659481.ampproject.net  https://d-37452380702968055101.ampproject.net  https://d-11691775642349559815.ampproject.net  https://d-27355144911761356759.ampproject.net  https://d-34786934221692660426.ampproject.net  https://d-16138100842622816106.ampproject.net  https://d-3818646104660516932.ampproject.net  https://yoast.com  https://d-26115600043775893767.ampproject.net  https://d-3838127478330946704.ampproject.net  https://d-42919052791637421531.ampproject.net  https://d-1911249883580680310.ampproject.net  https://d-769241360505105905.ampproject.net  https://d-31447418282186865621.ampproject.net  https://d-3852119430916551317.ampproject.net  https://d-151702110613363947.ampproject.net  https://d-6050574151407560447.ampproject.net  https://d-11252121411635492870.ampproject.net  https://d-8446026402894668079.ampproject.net  https://d-2824508583368443261.ampproject.net  https://d-8029301461468056069.ampproject.net  https://d-24435214693704063044.ampproject.net  https://d-2256982934429750974.ampproject.net  https://d-15854132441038246605.ampproject.net  https://d-66509518828134139.ampproject.net  https://d-32503065114022091630.ampproject.net  https://d-21552886171140480983.ampproject.net  https://d-36721988801049084448.ampproject.net  https://d-3869293378222353248.ampproject.net  https://d-20928346373149769045.ampproject.net  https://d-2730415550397443441.ampproject.net  https://d-33284416592709172647.ampproject.net  https://d-31336645263174453356.ampproject.net  https://d-935177901928523292.ampproject.net  https://d-38244228612929258037.ampproject.net  https://widgets.wp.com  https://d-11163716922639478974.ampproject.net  https://d-5963255931205426536.ampproject.net  https://d-21760358024288118238.ampproject.net  https://d-10082965902187203230.ampproject.net  https://d-34293638061805372919.ampproject.net  https://d-19588137083738096398.ampproject.net  https://d-32275693072910533761.ampproject.net  https://d-4597211482317159336.ampproject.net  https://d-16373118233153297214.ampproject.net  https://d-2828607422712837884.ampproject.net  https://d-34632534872522953836.ampproject.net  https://d-22937010782645638635.ampproject.net  https://d-18939109003549193047.ampproject.net  https://d-36498402051454421987.ampproject.net  https://d-2892011865432723985.ampproject.net  https://d-34836342681282046981.ampproject.net  https://d-10953405242804383868.ampproject.net  https://www.googletagmanager.com  https://d-13928453573794284229.ampproject.net  https://d-8340680843760458198.ampproject.net  https://d-17219578291172514775.ampproject.net  https://d-1358775996940104496.ampproject.net  https://d-33282535831448425740.ampproject.net  https://d-15404108131599118088.ampproject.net  https://d-480064617588981138.ampproject.net  https://d-2187905180416458493.ampproject.net  https://d-41596410913257791671.ampproject.net  https://d-39687749711871205614.ampproject.net  https://d-262360845793793712.ampproject.net  https://d-3879862922534997110.ampproject.net  https://d-1878264682732032553.ampproject.net  https://d-3496488216976797405.ampproject.net  https://d-2242884156295267940.ampproject.net  https://d-2957719992027060524.ampproject.net  https://d-9646738884136366139.ampproject.net  https://d-2115776600416729549.ampproject.net  https://d-27428132092215880811.ampproject.net  https://d-41851661613156476149.ampproject.net  https://d-29896657242226221313.ampproject.net  https://d-553351371428999009.ampproject.net  https://d-4987009163887972916.ampproject.net  https://d-13394118851607207630.ampproject.net  https://d-39590258672715997667.ampproject.net  https://d-901957874075087168.ampproject.net  https://d-7134718932829936118.ampproject.net  https://d-11165608721998578060.ampproject.net  https://d-36772113493711164339.ampproject.net  https://d-38323678772674082231.ampproject.net  https://d-553017372123756695.ampproject.net  https://d-42260119711605378347.ampproject.net  https://d-14407214482597254021.ampproject.net  https://d-262946309395328588.ampproject.net  https://d-3548858408369122984.ampproject.net  https://d-3930187255395094161.ampproject.net  https://d-3056755072629267041.ampproject.net  https://d-24006062844201836403.ampproject.net  https://d-6463981782506611520.ampproject.net  https://d-265139740235891565.ampproject.net  https://d-11687834153427300677.ampproject.net  https://d-886272058323426511.ampproject.net  https://d-2966376966762397914.ampproject.net  https://d-15377791272627656064.ampproject.net  https://d-37369091701289974227.ampproject.net  https://d-3102112612715855372.ampproject.net  https://d-29206234823190584610.ampproject.net  https://d-30897795611895625075.ampproject.net  https://d-28758486352120925681.ampproject.net  https://d-23105092854179655072.ampproject.net  https://d-21056757272297684749.ampproject.net;  worker-src 'self' blob:;  media-src 'self' https://radio.regionoordkop.nl;  report-uri https://www.region 1
; report-uri https://realtyhive.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.tawk.to *.doubleclick.net *.facebook.com *.facebook.net *.aliyuncs.com cdn.jsdelivr.net www.atlas.lk analytics.google.com *.googleapis.com www.google.lk paykoko.com atlas.slwebcreations.com static.mintpay.lk ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-nflx7mJkGzQsHFP8Sd8m7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; connect-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; script-src https: 'unsafe-eval' 'unsafe-inline'; media-src https: 'self' blob:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-QJotwkAe2Y1dCBKaUcf8DA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-GvXfLWxoSF2CVFUySsy6_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://github.com https://platform.twitter.com https://unpkg.com https://www.google.com mdbootstrap.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.shopperapproved.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.shopperapproved.com *.klevu.com *.ksearchnet.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.shopperapproved.com https://direct.shopperapproved.com js.klevu.com *.ksearchnet.com *.avada.io https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Psc81zT1Ogj64qmKMOZFHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';            script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.browsealoud.com https://*.google-analytics.com https://siteimproveanalytics.com https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.gstatic.com https://*.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com;            script-src-elem 'self' 'unsafe-inline' https://*.browsealoud.com https://*.google-analytics.com https://siteimproveanalytics.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://connect.facebook.net https://www.gstatic.com https://*.twitter.com https://cdn.syndication.twimg.com;            style-src 'self' 'unsafe-inline' https://*.myfonts.net https://*.bootstrapcdn.com;            style-src-elem 'self' 'unsafe-inline' https://*.browsealoud.com https://*.googleapis.com https://*.myfonts.net https://*.bootstrapcdn.com https://*.twitter.com https://*.twimg.com;            img-src * data:;            font-src * data:;            connect-src 'self' https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.browsealoud.com https://stats.g.doubleclick.net https://*.speechstream.net;            media-src * blob: data:;            frame-src 'self' https://*.iprox.nl https://*.waterschaplimburg.nl https://www.youtube.com https://*.google.com https://waterschap-limburg.vergunningen.info https://*.maps.arcgis.com https://*.arcgis.com https://*.twitter.com https://*.vimeo.com https://www.waterstandlimburg.nl https://*.doubleclick.net https://*.googletagmanager.com;            frame-ancestors 'self' https://*.iprox.nl https://*.waterschaplimburg.nl https://www.geleenbeekdal.nl https://www.waterleeftinbeek.nl https://www.wbl.nl https://www.zuidelijkmaasdal.nl https://wblnl.sharepoint.com 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com www.bugherd.com *.cloudfront.net *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.fontawesome.com *.bootstrapcdn.com *.tidiochat.com cleardesign.co.uk *.cleardesign.co.uk fonts.gstatic.com data: *.hotjar.com *.zopim.com *.salesfire.co.uk maxcdn.bootstrapcdn.com *.reviews.io *.reviews.co.uk *.klarnacdn.net *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com accounts.google.com *.cloudflare.com *.doubleclick.net cleardesign.co.uk *.cleardesign.co.uk *.avada.io *.hotjar.com www.facebook.com live.sagepay.com *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com img.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.bird.eu bugherd-attachments.s3.amazonaws.com *.cloudfront.net *.cloudflare.com *.lfeeder.com *.google-analytics.com *.google.co.uk *.tidiochat.com cleardesign.co.uk *.cleardesign.co.uk bat.bing.com www.google.co.uk stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.facebook.com *.cdninstagram.com services.postcodeanywhere.co.uk *.zopim.com *.salesfire.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ accounts.google.com www.bugherd.com *.cloudfront.net data: developer.adobe.com *.magento.com *.calendly.com *.cookie-script.com *.inspectlet.com *.tidio.co *.tidiochat.com *.jotform.com *.doubleclick.net *.trackedlink.net *.lfeeder.com *.leadforensics.com *.clarity.ms *.google-analytics.com *.googletagmanager.com URL cleardesign.co.uk *.cleardesign.co.uk 'unsafe-inline' bat.bing.com www.google.com www.gstatic.com maps.googleapis.com *.hotjar.com chimpstatic.com connect.facebook.net pi-test.sagepay.com services.postcodeanywhere.co.uk *.pcapredict.com *.zopim.com *.zdassets.com *.salesfire.co.uk widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com accounts.google.com *.cloudfront.net *.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.typekit.net cleardesign.co.uk *.cleardesign.co.uk URL fast.fonts.net services.postcodeanywhere.co.uk widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tidiochat.com cleardesign.co.uk *.cleardesign.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com accounts.google.com www.bugherd.com sessions.bugsnag.com wss://ws.pusherapp.com *.pusher.com https://developer.adobe.com *.analytics.google.com *.google-analytics.com www.google.co.uk *.clarity.ms *.tidio.co *.doubleclick.net *.inspectlet.com wss://socket.tidio.co *.cookie-script.com cleardesign.co.uk *.cleardesign.co.uk stats.g.doubleclick.net *.hotjar.com *.hotjar.io www.facebook.com graph.instagram.com services.postcodeanywhere.co.uk *.zopim.com *.smartmetrics.co.uk *.zendesk.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://widgets.trustedshops.com fonts.gstatic.com *.zohocdn.com *.zoho.eu data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.luznegra.net www.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com cdn.doofinder.com validate.fishpig.co.uk *.zohostatic.eu *.zoho.eu salesiq.zohopublic.eu files.zohopublic.eu *.facebook.com *.google.de integrations.etrusted.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.zohocdn.com *.google.es *.gstatic.com *.googleapis.com *.sharethis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com *.avada.io *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.zohostatic.eu *.jsdelivr.net *.facebook.net *.facebook.com *.doubleclick.net cdn.omniconvert.com maillist-manage.eu js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.zohocdn.com *.zoho.eu *.googleapis.com *.sharethis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com *.fontawesome.com *.zohostatic.eu *.jsdelivr.net *.facebook.net *.facebook.com *.doubleclick.net integrations.etrusted.com unsafe-inline https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com fonts.google.com *.zohocdn.com *.zoho.eu *.googleapis.com 'self' 'unsafe-inline'; object-src *.luznegra.net 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com https://get.geojs.io *.avada.io *.google-analytics.com https://www.google-analytics.com *.zohopublic.eu meetanshi.com vts.zohopublic.eu wss://vts.zohopublic.eu *.google.de *.google.es www.google.es stats.g.doubleclick.net app.omniconvert.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.analytics.google.com *.googletagmanager.com *.zoho.eu *.googleapis.com *.sharethis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.varisan-smapp.com *.iadvize.com *.cartsguru.io *.github.com github.com *.hipay.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ secure-gateway.hipay-tpp.com *.hipay.com *.weltpixel.com *.sendcloud.sc *.varisan-smapp.com *.iadvize.com static.axept.io *.cartsguru.io *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * sdk.varisan-smapp.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.varisan-smapp.com *.iadvize.com *.cartsguru.io *.hipay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com s7.addthis.com *.sendcloud.sc *.varisan-smapp.com *.iadvize.com static.axept.io *.cartsguru.io stage-secure-gateway.hipay-tpp.com *.matomo.cloud *.beyable.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.hipay.com *.varisan-smapp.com *.iadvize.com *.cartsguru.io https://cdn.jsdelivr.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hipay.com wss://mpsnare.iesnare.com ekr.zdassets.com/ *.varisan-smapp.com *.iadvize.com *.cartsguru.io *.carts.guru stage-secure-gateway.hipay-tpp.com *.axept.io *.matomo.cloud googleads.g.doubleclick.net https://get.geojs.io *.avada.io https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.googleapis.com *.google-analytics.com *.facebook.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cdn.jsdelivr.net https://fonts.gstatic.com cdn.almapay.com fonts.googleapis.com fonts.gstatic.com *.fontawesome.com applepay.cdn-apple.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://connect-v2.fintecture.com https://connect-v2-sbx.fintecture.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu www.google.com *.avis-verifies.com secure-gateway.hipay-tpp.com *.hipay.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com lumao.eu *.google.fr *.google.com *.myspectro.io axeptio.imgix.net favicons.axept.io bat.bing.com cdn.wisepops.net *.avis-verifies.com cdn.doofinder.com openstreetmap.org maps.googleapis.com maps.gstatic.com https://assets.fintecture.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.doofinder.com *.myspectro.io static.axept.io bat.bing.com www.clarity.ms cdn.segment.com wisepops.net cdn.wisepops.net cdn.wisepops.com *.avis-verifies.com cdn.doofinder.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ widgets.rr.skeepers.io https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net https://fonts.googleapis.com *.doofinder.com *.hipay.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.doofinder.com  *.google-analytics.com *.doubleclick.net pagead2.googlesyndication.com tracking.myspectro.io client.axept.io api.axept.io cdn.segment.com api.segment.io *.clarity.ms wisepops.net activity.wisepops.net tracking.wisepops.net wisepops.com activity.wisepops.com tracking.wisepops.com *.hipay-tpp.com bat.bing.com *.avis-verifies.com *.cloudflare.com wss://*.doofinder.com *.hipay.com wss://mpsnare.iesnare.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com data: oct8necdneu.azureedge.net https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com fonts.bunny.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es test.saferpay.com www.saferpay.com saferpay.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://*.google.com *.doubleclick.net *.facebook.com *.vimeo.com *.cookiebot.com *.oct8ne.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com test.saferpay.com www.saferpay.com saferpay.com *.moengage.com collect.trbo.com track2.trbo.com *.sovendus.com *.gutscheinconnection.de e.issuu.com oswald.onlyfy.jobs 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googleapis.com *.google.com *.google.es *.google.com.br *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com test.saferpay.com www.saferpay.com saferpay.com moe-email-campaigns.s3.amazonaws.com *.moengage.com *.betaroiup.com *.oswald-info.com ade.googlesyndication.com *.google.ch *.sovendus.com *.gutscheinconnection.de ch.media.oswald-info.com bat.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com test.saferpay.com www.saferpay.com saferpay.com *.moengage.com embed.typeform.com bam.eu01.nr-data.net js-agent.newrelic.com oswald-info.com cdn.freshmarketer.com www.googletagservices.com pagead2.googlesyndication.com static.trbo.com api-v4.trbo.com *.sovendus.com *.gutscheinconnection.de *.adt313.net bat.bing.com *.clarity.ms oswald.onlyfy.jobs oswald.jobbase.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.moengage.com fonts.bunny.net stackpath.bootstrapcdn.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com test.saferpay.com www.saferpay.com saferpay.com *.moengage.com bam.eu01.nr-data.net oswald-info.com consentcdn.cookiebot.com *.sovendus.com *.gutscheinconnection.de *.clarity.ms pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadolibre.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.avada.io *.mlstatic.com *.mercadopago.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ccm.net.br *.ccm.net.br ccm.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.google-analytics.com *.googleapis.com *.google.com.br *.g.doubleclick.net *.rdstation.com.br *.clearsale.com.br *.rd.services *.googleadservices.com *.fbits.store *.adyen.com d335luupugsy2.cloudfront.net *.pagar.me *.mundipagg.com *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com *.mimo.com.br *.clarity.ms *.pagseguro.com.br *.*.pagseguro.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.ccm.net.br ccm.net.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
font-src *.fontawesome.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.bugherd.com *.prismic.io *.netmailer.ch *.google.com *.wufoo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://images.unsplash.com *.gstatic.com *.magentocommerce.com *.bing.com *.google.rs *.trackjs.com *.prismic.io *.profity.ch *.clarity.ms *.facebook.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js track.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/rti.min.js track.bx-cloud.com/static/rti.min.js storage.googleapis.com/rtux-rtux-data-integration-rti/ jquery.sellxed.com *.avada.io *.google.com *.hs-scripts.com *.bugherd.com *.convertful.com *.facebook.net *.hs-analytics.com *.hscollectedforms.com *.headspixel.com *.hs-banner.com *.hotjar.com *.googleapis.com *.licdn.com *.googleadservices.com *.g.doubleclick.net *.newrelic.net *.trackjs.com *.cdn.prismic.io *.bing.com *.clarity.ms *.profity.ch *.wufoo.com https://www.googletagmanager.com tagmanager.google.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.googleapis.com tagmanager.google.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com track.bx-cloud.com main.bx-cloud.com main.wi-platform-cloud.com r-st.bx-cloud.com track.bx-cloud.com/track/v2 storage.googleapis.com/rtux-rtux-data-integration-rti/ https://get.geojs.io *.avada.io *.google.com *.clarity.ms *.bing.com *.trackjs.com *.google-analytics.com *.facebook.net *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com www.googletagmanager.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://www.magezon.com *.multisafepay.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl www.google.nl google.nl google.com bat.bing.com c.bing.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.multisafepay.com https://pay.google.com bat.bing.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl ajax.googleapis.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.multisafepay.com googleads.g.doubleclick.net stats.g.doubleclick.net pagead2.googlesyndication.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' blob: wss: data: https: 'report-sample'; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: 'report-sample'; style-src 'self' 'unsafe-inline' data: https: 'report-sample'; report-uri /nelmio/csp/report 1
default-src  'self' data: ;font-src  'self' data: fonts.gstatic.com *.zbozi.cz *.smartsuppcdn.com ;connect-src  'self' data: application/octet-stream blob: *.google.com *.google.cz *.googleapis.com *.google-analytics.com www.googletagmanager.com *.zbozi.cz *.pingdom.net *.doubleclick.net *.facebook.com *.biano.cz *.gstatic.com *.googlesyndication.com *.clarity.ms wss://*.smartsupp.com *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com *.imedia.cz *.googleadservices.com *.doubleclick.net *.adform.net *.facebook.net https://im9.cz *.zbozi.cz *.pingdom.net *.biano.cz *.gstatic.com www.youtube.com www.youtube-nocookie.com *.clarity.ms https://unpkg.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;script-src-elem  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com *.imedia.cz *.googleadservices.com *.doubleclick.net *.adform.net *.facebook.net https://im9.cz *.zbozi.cz *.pingdom.net *.biano.cz *.gstatic.com www.youtube.com www.youtube-nocookie.com *.clarity.ms https://unpkg.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;form-action  'self' *.facebook.com *.facebook.net ;frame-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz *.imedia.cz *.facebook.com *.facebook.net *.zbozi.cz *.google.com *.doubleclick.net *.seznam.cz *.foxentry.cz ;worker-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz *.imedia.cz *.facebook.com *.facebook.net *.zbozi.cz *.google.com *.doubleclick.net *.seznam.cz *.foxentry.cz ;frame-ancestors  'self' ;img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.senesi.cz *.doubleclick.net *.googlesyndication.com *.google.com *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie iplatba.cz *.imedia.cz *.heureka.cz *.facebook.com *.facebook.net *.zbozi.cz *.seznam.cz *.biano.cz *.clarity.ms c.bing.com *.instagram.com *.smartsuppcdn.com https://files.packeta.com *.foxentry.cz *.leady.com ;style-src  'self' 'unsafe-inline' *.googleapis.com *.google.com *.zbozi.cz *.gstatic.com *.smartsuppcdn.com *.foxentry.cz www.googletagmanager.com ;object-src  'self' blob: ; report-uri /frontendreport/report/ 1
font-src fonts.gstatic.com use.typekit.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.facebook.com https://seers-application-assets.s3.amazonaws.com https://www.google.es www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.seersco.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' seustillo.com.br *.seustillo.com.br seustillo.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com tagmanager.google.com business.facebook.com analytics.google.com *.googleadservices.com *.g.doubleclick.net *.*rdstation.com.br *.rdstation.com.br popups.rdstation.com.br static.i-goal.com.br analytics.i-goal.com.br *.mimo.com.br assets-shorts.mimo.com.br *.shorts.mimo.com.br *.fbits.store analytics.tiktok.com *.tiktok.com *.adyen.com *.googleapis.com *.google.com *.google.com* *.googleapis.com* *.i-goal.com.br *.google.com.br* *.pagar.me *.mundipagg.com api.edrone.me d3bo67muzbfgtl.cloudfront.net *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com *.pagseguro.com.br *.*.pagseguro.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.seustillo.com.br seustillo.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
default-src 'self' https://*.snowsoftware.io; connect-src 'self' https://*.snowsoftware.io wss://*.snowsoftware.io https://app.launchdarkly.com https://clientstream.launchdarkly.com https://events.launchdarkly.com https://westeurope-2.in.applicationinsights.azure.com https://js.monitor.azure.com/; frame-src 'self' https://player.vimeo.com  https://*.snowsoftware.io; script-src 'self' 'unsafe-eval' 'report-sample' https://*.snowsoftware.io  https://snowsoftware.io; style-src 'self' 'unsafe-inline' 'report-sample' https://*.snowsoftware.io; font-src 'self' data: https://*.snowsoftware.io; 1
object-src 'none';base-uri 'self';script-src 'nonce-AEsa2aP75KZGjemeCKPM6A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'report-sample' 'self' https://cdnjs.cloudflare.com/ajax/libs/jQuery.mmenu/7.0.6/addons/fixedelements/jquery.mmenu.fixedelements.js https://kit.fontawesome.com/30237454ca.js https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js https://w3.siemens.com/ote/ote_config.js; style-src 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://ka-p.fontawesome.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com; img-src 'self' https://siemens.sc.omtrdc.net; manifest-src 'self'; media-src 'self'; report-uri https://6241c4fffd94ed9b6b63afc6.endpoint.csper.io/?v=6; worker-src 'none'; 1
default-src http: wss:; script-src http: 'unsafe-inline'; style-src http: 'unsafe-inline'; img-src http: data:; font-src http: data:; report-uri /csp-report 1
default-src 'self' morningconsult.okta.com accounts.morningconsult.com *.oktacdn.com; connect-src 'self' morningconsult.okta.com morningconsult-admin.okta.com accounts.morningconsult.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com morningconsult.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' morningconsult.okta.com accounts.morningconsult.com *.oktacdn.com; style-src 'unsafe-inline' 'self' morningconsult.okta.com accounts.morningconsult.com *.oktacdn.com; frame-src 'self' morningconsult.okta.com morningconsult-admin.okta.com accounts.morningconsult.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' morningconsult.okta.com accounts.morningconsult.com *.oktacdn.com https://cdn.morningconsultintelligence.com/MCI-1.1/images/MC-footer-logo.png *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' morningconsult.okta.com accounts.morningconsult.com data: *.oktacdn.com fonts.gstatic.com 1
font-src maxcdn.bootstrapcdn.com *.lasportivausa.com data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.klaviyo.com *.locally.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com *.lasportivausa.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://plumrocket.com *.weltpixel.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.lasportivausa.com *.doubleclick.net *.google.com *.googleapis.com *.vimeo.com *.addthis.com *.pinterest.com disqus.com *.bazaarvoice.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.lasportivausa.com *.google.com *.googleapis.com *.gstatic.com via.placeholder.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com *.viglink.com *.klaviyo.com *.locally.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.lasportivausa.com bam.nr-data.net cdnjs.cloudflare.com *.cookielaw.org *.doubleclick.net *.google.com *.googleapis.com *.gstatic.com js-agent.newrelic.com *.newrelic.com player.vimeo.com *.addthis.com *.addthisedge.com *.moatads.com *.avmws.com *.pinimg.com *.pinterest.com *.disqus.com *.disquscdn.com *.bazaarvoice.com *.locally.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com display.ugc.bazaarvoice.com downloads.mailchimp.com maxcdn.bootstrapcdn.com https://static.klaviyo.com unsafe-inline *.lasportivausa.com *.disquscdn.com *.bazaarvoice.com *.googleapis.com 'self' 'unsafe-inline'; object-src *.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.lasportivausa.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.lasportivausa.com bam.nr-data.net *.doubleclick.net *.google.com *.googleapis.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com *.locally.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.lasportivausa.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'unsafe-inline' data: https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com www.youtube.com *.weltpixel.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.saint-louis.com *.ytimg.com *.google.fr *.trackedlink.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill-fastly.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cookielaw.org *.facebook.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://cdnjs.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.cookielaw.org *.onetrust.com *.google.fr *.db-ip.com *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://*.gstatic.com fonts.gstatic.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co www.googleservices.com *.google.com *.gstatic.com https://*.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.xtento.com https://*.hokodo.co https://photos.pixlee.co https://photos.pixlee.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com www.xtento.com cdn.xtento.com https://site-assets.afterpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com https://www.google.co.uk https://www.gstatic.com https://d1fd8aj8bhyfe9.cloudfront.net https://cdn-ukwest.onetrust.com *.klevu.com *.ksearchnet.com flagpedia.net https://register.feefo.com https://api.feefo.com https://s3-eu-west-1.amazonaws.com pixlee.com *.pixlee.com *.pixlee.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.xtento.com cdn.xtento.com https://js.afterpay.com https://cdn.segment.com https://*.hokodo.co https://*.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://party11141.pcapredict.com https://assets.pxlecdn.com https://region1.analytics.google.com https://register.feefo.com https://js-agent.newrelic.com https://bam.nr-data.net https://services.postcodeanywhere.co.uk https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://cdn-ukwest.onetrust.com *.klevu.com *.ksearchnet.com *.gstatic.com maps.googleapis.com https://*.feefo.com/ https://euwa.puzzel.com pixlee.com *.pixlee.com *.pixlee.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ fonts.googleapis.com https://*.klarnacdn.net https://static.klaviyo.com https://register.feefo.com https://services.postcodeanywhere.co.uk *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co https://*.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://party11141.pcapredict.com https://assets.pxlecdn.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://register.feefo.com https://inbound-analytics.pixlee.com https://pce.afd.co.uk https://bam.nr-data.net https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://region1.google-analytics.com *.klevu.com *.ksearchnet.com www.gstatic.com maps.googleapis.com https://api.feefo.com https://collect.feefo.com https://api.puzzel.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.omise.co *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.youtube.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com gateway.apaylater.com gateway.atome.sg ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.omise.co gateway.apaylater.com gateway.atome.sg *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.googletagmanager.com *.facebook.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline gateway.apaylater.com gateway.atome.sg cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.omise.co *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.nr-data.net *.newrelic.com *.ampproject.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
report-uri /-/csp_report?report_only=true; script-src 'self' 'unsafe-inline' 'report-sample' https://ssl.gstatic.com https://apis.google.com https://accounts.google.com/gsi/client https://d3ki9tyy5l5ruj.cloudfront.net https://d1gwm4cf8hecp4.cloudfront.net https://d1a3usp4brejtz.cloudfront.net https://d3u0af8znnrzzj.cloudfront.net https://d2y3xhxlqzgfzh.cloudfront.net https://oauth.googleusercontent.com https://app.box.com https://platform.twitter.com https://connect.facebook.net https://platform.harvestapp.com https://www.google.com https://docs.google.com https://www.gstatic.com https://www.dropbox.com https://www.paypal.com/sdk/js https://js.stripe.com https://recordwidget.vimeocdn.com https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://cdn.cookielaw.org https://861-iiv-735.mktoweb.com https://resources.asana.com https://ccwizard.vertexsmb.com; frame-src 'self' blob: https://www.figma.com https://*.invisionapp.com https://invis.io https://miro.com https://whimsical.com https://www.loom.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://www.canva.com https://xd.adobe.com https://*.looker.com https://lucid.app https://*.okta.com https://*.sharepoint.com https://*.dovetail.com https://accounts.google.com https://accounts.google.com/gsi/ https://content.googleapis.com https://www.google.com https://docs.google.com https://fast.wistia.net https://www.dropbox.com https://platform.harvestapp.com https://forms.asana.plus https://forms-server.asana.plus https://local.asana.com https://asana.com https://apisandbox.zuora.com https://test.zuora.com https://www.zuora.com https://www.sandbox.paypal.com https://www.paypal.com https://js.stripe.com https://recordwidget.vimeocdn.com https://pixel.asana.com https://d3ki9tyy5l5ruj.cloudfront.net https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://cdn.cookielaw.org https://form.asana.com https://form-beta.asana.com https://form-stag.luna-s.org https://localhost.asana.com:3000 https://861-iiv-735.mktoweb.com https://resources.asana.com https://ccwizard.vertexsmb.com; worker-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; child-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; object-src 'self'; plugin-types application/pdf; base-uri 'none', report-uri /-/csp_report?report_only=true; script-src https: 'unsafe-inline' 'strict-dynamic' 'report-sample' 'nonce-4zae2brvg7eljlne0tcvju31i' 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.googletagmanager.com/ *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://a.klaviyo.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://fast.a.klaviyo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.nosto.com *.nos.to assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://static.klaviyo.com https://fast.a.klaviyo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'unsafe-inline' data: fonts.gstatic.com *.paypal.com *.yotpo.com eventstable.com *.eventstable.com *.atlaschairs.com *.globaleventsupply.com *.braintreegateway.com *.signifyd.com *.trustspot.io trustspot.io s3.amazonaws.com trustspot-app-assets.s3.amazonaws.com use.fontawesome.com *.klaviyo.com stackpath.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'unsafe-inline' data: *.eventstable.com eventstable.com *.atlaschairs.com *.globaleventsupply.com *.braintreegateway.com *.signifyd.com *.trustspot.io *.klaviyo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'unsafe-inline' data: *.online-metrix.net *.signifyd.com www.google.com *.paypal.com *.doubleclick.net *.eventstable.com eventstable.com *.atlaschairs.com *.globaleventsupply.com www.youtube.com *.vimeo.com *.demdex.net *.braintreegateway.com *.trustspot.io *.klaviyo.com www.socialintents.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.omtrdc.net *.yotpo.com *.bing.com *.signifyd.com *.online-metrix.net *.google.com *.paypal.com p.adsymptotic.com *.linkedin.com *.atdmt.com *.eventstable.com eventstable.com *.atlaschairs.com *.globaleventsupply.com *.bbb.org *.scanalert.com *.cloudfront.net *.demdex.net *.klaviyo.com *.creditkey.com creditkey-assets.s3-us-west-2.amazonaws.com *.shopperapproved.com *.braintreegateway.com *.ravecapture.com ravecapture-app-assets.s3.amazonaws.com trustspot-logos.imgix.net trustspot-product-photos.imgix.net *.clarity.ms *.roundprincemusic.com *.searchspring.io www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.facebook.com *.reddit.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'unsafe-eval' data: www.google.com maps.googleapis.com www.gstatic.com *.klaviyo.com *.signifyd.com static-na.payments-amazon.com a.optmnstr.com snap.licdn.com *.yotpo.com *.pushalert.co bat.bing.com www.socialintents.com www.clickcease.com *.paypal.com eventstable.com *.eventstable.com *.atlaschairs.com *.globaleventsupply.com bam.nr-data.net *.shopperapproved.com *.braintreegateway.com *.ravecapture.com trustspot.io cdn.jsdelivr.net *.clarity.ms config.gorgias.chat assets.gorgias.chat *.adobetm.com *.roundprincemusic.com *.hotjar.com *.mouseflow.com *.online-metrix.net https://cdn.segment.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net/intellisuggest/is.min.js https://snapui.searchspring.io https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com 'unsafe-inline' data: fonts.googleapis.com *.yotpo.com www.socialintents.com *.paypal.com eventstable.com *.eventstable.com *.atlaschairs.com *.globaleventsupply.com *.klaviyo.com *.braintreegateway.com *.signifyd.com *.ravecapture.com trustspot.io s3.amazonaws.com use.fontawesome.com www.shopperapproved.com stackpath.bootstrapcdn.com unpkg.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'unsafe-inline' data: *.demdex.net *.yotpo.com api.omappapi.com *.klaviyo.com payments.amazon.com *.signifyd.com *.google.com *.cardinalcommerce.com *.paypal.com *.doubleclick.net eventstable.com *.eventstable.com *.atlaschairs.com *.globaleventsupply.com *.pushalert.co bam.nr-data.net www.creditkey.com *.braintree-api.com *.braintreegateway.com *.ravecapture.com *.clarity.ms static-forms.klaviyo.com telemetrics.klaviyo.com config.gorgias.chat https://px.ads.linkedin.com *.hotjar.io https://bat.bing.com https://api.segment.io https://cdn.segment.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com google.com https://beacon.searchspring.io/beacon *.a.searchspring.io *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com assets.gorgias.chat 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-FotzaxZv-1p7GtV2oAFm0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' domidona.com.br *.domidona.com.br domidona.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.ebit.com.br imgs.ebit.com.br *.sizebay.technology *.widde.io static.sizebay.technology *.trustvox.com.br *.hotjar.com *.cartstack.com.br *.tiktok.com *.rdstation.com.br *.g.doubleclick.net *.googleadservices.com *.google.com.br *.pagar.me *.mundipagg.com pageview-notify.rdstation.com.br rdstation.com.br popups.rdstation.com.br cta-redirect.rdstation.com *.amazonaws *.s3.amazonaws.com trustvox.com.br static.trustvox.com.br *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com *.pagseguro.com.br *.*.pagseguro.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.domidona.com.br domidona.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
font-src https://graco-eu.media.wonderland.tw https://*.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gracobaby.eu *.wonderland.tw *.optimonk.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com https://graco-eu.media.wonderland.tw *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gracobaby.eu *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://graco-eu.media.wonderland.tw *.klevu.com *.ksearchnet.com *.facebook.com maps.gstatic.com *.gracobaby.eu *.bazaarvoice.com *.clarity.ms https://connect.facebook.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://graco-eu.media.wonderland.tw js.klevu.com *.ksearchnet.com *.googletagmanager.com *.facebook.net maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gracobaby.eu *.amplitude.com *.optimonk.com *.clarity.ms https://cdn.gethatch.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com https://graco-eu.media.wonderland.tw https://*.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.gracobaby.eu *.optimonk.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://graco-eu.media.wonderland.tw *.gracobaby.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://graco-eu.media.wonderland.tw *.klevu.com *.ksearchnet.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gracobaby.eu *.wonderland.tw *.doubleclick.net *.clarity.ms *.optimonk.com *.vimeocdn.com *.bazaarvoice.com https://maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://graco-eu.media.wonderland.tw *.gracobaby.eu 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.a-fs.me gs://f.a-fs.me/ cdnjs.cloudflare.com/ajax/libs/ unpkg.com/@zxing/library@ cdn.jsdelivr.net/phaser/ google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com plus.codes/api trackjs.com; script-src 'self' connect.facebook.net *.a-fs.me gs://f.a-fs.me/ google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com plus.codes/api connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval'; style-src  'self' *.googleapis.com *.gstatic.com *.a-fs.me gs://f.a-fs.me/ 'unsafe-inline'; img-src 'self' *.trackjs.com *.a-fs.me gs://f.a-fs.me/ google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com plus.codes/api *.facebook.com *.fbcdn.net data:;  font-src 'self' *.gstatic.com *.a-fs.me gs://f.a-fs.me/  data:; connect-src  'self' *.google-analytics.com *.googleapis.com *.a-fs.me gs://f.a-fs.me/; object-src 'none'; frame-src  'self' *.google.com www.facebook.com platform.twitter.com; frame-ancestors 'none'; base-uri 'self'; report-uri /api/csp-report; report-to csp-endpoint 1
font-src fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.nosto.com *.nos.to *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.shopalike.es *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com https://sandbox.sequracdn.com https://live.sequracdn.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.shopalike.es www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.doofinder.com *.empathybroker.com *.unpkg.com *.empathy.co *.storyblok.com https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://static.klaviyo.com *.nosto.com *.nos.to *.photoslurp.com *.doofinder.com *.klaviyo.com *.typekit.net *.empathy.co *.empathybroker.com *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.baoding68b.net www.weimen99f.net update.a1jul.com play.luckypig188.com game.nb8latvia.com dxjuzb.uikehnbv.com *.facebook.net *.gstatic.com www.wasp333.com www.wasp555.com www.recaptcha.net gameweb.rsgaming888.com m.pgf-thzvvo.com wss://wss.waspzf.com update.waspadfpj.com cdn.dcloud.net.cn wbgame.bd33fgabh.com api-www.wasptha.com lobby.luckypig188.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.typekit.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ pay.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com https://vars.hotjar.com/ https://www.facebook.com/ https://ct.pinterest.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com static.przelewy24.pl www.gstatic.com gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.google.pl/ https://www.google.com/ https://www.facebook.com/ https://ct.pinterest.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://cdn.polyfill.io https://browser.sentry-cdn.com s7.addthis.com *.avada.io https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://static.cloudflareinsights.com/ https://connect.facebook.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://s.pinimg.com/ assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline *.typekit.net *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://*.ingest.sentry.io ekr.zdassets.com/ https://get.geojs.io *.avada.io https://region1.analytics.google.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://vc.hotjar.io/ https://in.hotjar.com/ https://content.hotjar.io/ https://ct.pinterest.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ws: t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
secure-frame-src *.idtheftscanner.f-secure.com; font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.idtheftscanner.f-secure.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.cloudfront.net https://electric-house.com https://static.addtoany.com https://www.google-analytics.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.idtheftscanner.f-secure.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.idtheftscanner.f-secure.com landofcoder.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cookiefirst.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.idtheftscanner.f-secure.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.idtheftscanner.f-secure.com *.cookiefirst.com landofcoder.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src embed.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://form.payway.com.hr/authorization.aspx https://formtest.payway.com.hr/authorization.aspx 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ va.tawk.to 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io embed.tawk.to cdn.jsdelivr.net/emojione data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://embed.tawk.to https://cdn.jsdelivr.net/emojione/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src embed.tawk.to fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src embed.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com dns.google *.tawk.to wss://*.tawk.to https://secure.payway.com.hr/api/services/processpayment https://test.payway.com.hr/api/services/processpayment 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&v=v1.0&payload=TfZeG9ERLvGZfE96j9BLp65ufkZtd62DhExpeylUhJ0-YdbA-tPZdz5oGTthZz6KJu4e51iU28LdIV-zCoKZIFjWHiEA2HJeQa4JCyAgWXIr96FIAf6n9x9ULbw-paEQbP7hcXyzUhcBMi1FLHRB6Ny6f3C-gSz7nmy-V6VNh4U=; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.flashyapp.com api.flashy.app *.flashy.dev *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.flashyapp.com api.flashy.app *.flashy.dev c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * gateway20.pelecard.biz 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://www.magezon.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com gateway20.pelecard.biz data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.flashyapp.com api.flashy.app *.flashy.dev maps.googleapis.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com gateway20.pelecard.biz 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.flashyapp.com api.flashy.app *.flashy.dev www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-4594c7a67d30425e946429a592291ad8' https://mychart-p.well-net.org 'self';img-src https://* 'self' blob: data:;style-src https://mychart-p.well-net.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
font-src *.googleapis.com *.gstatic.com 'unsafe-inline' data: *.libreka.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com js.stripe.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.libreka.de www.sovendus-connect.com www.sovendus-benefits.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cookiebot.com *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net cdn.cookielaw.org qm.magazinabo.com qm.bergweltenabo.ch qm.getredbulletin.ch *.libreka.de *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.cookiefirst.com *.cookiebot.com *.elfsight.com *.facebook.com *.google.de *.linkedin.com *.pinterest.com *.redbull.com *.usd.de *.usercentrics.eu *.scnem2.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io cdn.cookielaw.org qm.magazinabo.com qm.bergweltenabo.ch qm.getredbulletin.ch *.libreka.de api.sovendus.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googletagmanager.com tagmanager.google.com https://polyfill-fastly.io https://browser.sentry-cdn.com *.cloudfront.net *.cookiefirst.com *.cookiebot.com *.elfsight.com *.facebook.net *.google.com *.google-analytics.com *.haymarketstat.de *.licdn.com *.linkedin.com *.logopaletti.de *.redbull.com *.trustedshops.com *.pinimg.com *.usercentrics.eu *.scnem2.com *.s7.addthis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com d.ratepay.com d.payla.io dr.payla.io *.libreka.de tagmanager.google.com fonts.google.com *.fontawesome.com *.cloudfront.net *.cookiefirst.com *.google.com *.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.libreka.de *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com privacyportal-de.onetrust.com pagead2.googlesyndication.com qm.magazinabo.com qm.getredbulletin.ch *.libreka.de identification-api.sovendus.com press-tracking-api.sovendus.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.ingest.sentry.io *.cookiefirst.com *.cookiebot.com *.cookielaw.org *.doubleclick.net *.elfsight.com *.google.de *.haymarketstat.de *.logopaletti.de *.usercentrics.eu *.pinterest.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=ATVPDKIKX0DER:sid=142-1713727-8636532:rid=2TJKR100TXTF4CFS303C:sn=affiliate-program.amazon.com 1
font-src *.fontawesome.com *.zopim.com *.gstatic.com 'unsafe-inline' data: *.cloudflare.com blog.lifeaidbevco.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.snapchat.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com blog.lifeaidbevco.com 'self' 'unsafe-inline'; frame-ancestors blog.lifeaidbevco.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.snapchat.com *.trustpilot.com *.referralcandy.com destinilocators.com *.google.com *.gstatic.com *.pixlee.co *.attn.tv www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com blog.lifeaidbevco.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com validate.fishpig.co.uk *.trustpilot.com *.monsido.com *.adnxs.com *.adsrvr.org b1img.com *.rlcdn.com *.zopim.com *.tapad.com *.demdex.net *.pixlee.com *.omnithrottle.com pippio.com *.zendesk.com *.twitter.com *.pinimg.com *.tiktok.com *.pinterest.com *.google.com *.stackadapt.com *.doubleclick.net *.advertising.com *.yahoo.com *.rubiconproject.com *.company-target.com *.convertflow.com convertflow.co *.convertflow.co *.bttrack.com *.openx.net *.attn.tv www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com blog.lifeaidbevco.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com widget.freshworks.com m2epro.freshdesk.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.zopim.com sc-static.net *.doubleclick.net *.monsido.com *.zdassets.com *.googleapis.com *.google.com *.gstatic.com *.b1js.com b1img.com destinilocators.com *.datasteam.io *.trustpilot.com *.pixlee.com *.tiktok.com *.referralcandy.com *.advertising.com *.googletagmanager.com *.google-analytics.com *.rubiconproject.com *.yahoo.com convertflow.co *.convertflow.co *.pinimg.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com blog.lifeaidbevco.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.googleapis.com 'unsafe-inline' data: *.cloudflare.com unsafe-inline assets.braintreegateway.com blog.lifeaidbevco.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' *.lifeaidbevco.com blog.lifeaidbevco.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.zdassets.com wss://widget-mediator.zopim.com *.monsido.com *.pinterest.com *.pinimg.com 'unsafe-inline' data: *.pixlee.com https://cdn.pdst.fm api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com blog.lifeaidbevco.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blog.lifeaidbevco.com http: https: blob: 'self' 'unsafe-inline'; default-src blog.lifeaidbevco.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://www.goldcoastbulletin.com.au/csp-reports 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.amazonaws.com *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.twitter.com *.pay.google.com *.cards-accept.bm.pl *.googletagmanager.com *.savecart.pl pixel.wp.pl *.hotjar.com *.google.com pay.google.com play.google.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.googletagmanager.com *.savecart.pl pixel.wp.pl *.hotjar.com *.facebook.net platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com testimages.autopay.eu images.autopay.eu *.amazonaws.com *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.pay.google.com *.cards-accept.bm.pl google.com paypal.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.savecart.pl pixel.wp.pl *.hotjar.com *.facebook.net testcards.autopay.eu cards.autopay.eu pay.google.com *.avada.io *.google.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu maxcdn.bootstrapcdn.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.gstatic.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.savecart.pl *.pinterest.com *.hotjar.com *.google-analytics.com https://get.geojs.io *.avada.io t.elasticsuite.io *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://prosto.com/; report-to report-endpoint; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cdn.dnky.co amc.demdex.net www.google.com youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com maps.googleapis.com accounts.google.com 'self' data: https://static-content.vnforapps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com *.google.com https://maps.googleapis.com *.gstatic.com https://static-content.vnforapps.com https://m.vnforapps.com https://h.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com unsafe-inline assets.braintreegateway.com cdn.dnky.co *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com api.comapi.com bam.nr-data.net *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com.co *.google.com *.googletagmanager.com google.com.* *.bam.nr-data.net https://bam.nr-data.net https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://maps.googleapis.com/ https://stats.g.doubleclick.net/ *.pingdom.net widgets.pau.zone www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.rum-static.pingdom.net https://www.google-analytics.com/ *.google.com *.googletagmanager.com *.googleadservices.com *.connect.facebook.net *.stats.g.doubleclick.net *.rum-collector-2.pingdom.net *.amazonaws.com *.js-agent.newrelic.com *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.cardinalcommerce.com/ *.pingdom.net widgets.pau.zone js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.cloudflare.com https://fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.rum-static.pingdom.net *.google-analytics.com *.google.com *.static.klaviyo.com *.stats.g.doubleclick.net *.connect.facebook.net *.rum-collector-2.pingdom.net *.bam.nr-data.net https://bam.nr-data.net https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://maps.googleapis.com/ https://stats.g.doubleclick.net/ *.pingdom.net *.smallshi.com:1442/ *.smallshi.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.rum-static.pingdom.net *.connect.facebook.net *.stats.g.doubleclick.net *.rum-collector-2.pingdom.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com https://www.googletagmanager.com/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ cdn.mundipagg.com api.pagar.me data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com polyfill.io http://www.googletagmanager.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.mundipagg.com api.pagar.me 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.globalpay.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com www.skopes.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.skopes.co.uk 'self' 'unsafe-inline'; frame-ancestors www.skopes.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com www.youtube.com www.xtento.com www.skopes.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.globalpay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.adobedtm.com www.xtento.com cdn.xtento.com www.skopes.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com www.youtube.com player.vimeo.com www.xtento.com cdn.xtento.com www.skopes.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com www.skopes.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.googleapis.com www.skopes.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com cdn.plyr.io noembed.com www.skopes.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.skopes.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.skopes.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-l993YiAtqYUEztLEiS3Kiq3dI' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
font-src *.fontawesome.com *.adobe.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.fonts.gstatic.com *.tawk.to *.datatables.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.doubleclick.net *.trustpilot.com wilkepromotion.ladesk.com *.ladesk.com *.issuu.com *.facebook.com *.google.com *.streetfood-tes.os.tc streetfood-tes.os.tc *.datatables.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adobe.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.vimeo.com *.cloudflare.com *.klarna.com *.google.com *.google.com.sg *.google.com.ph *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.doubleclick.net *.ssl.gstatic.com tawk.link *.jsdelivr.net wilkepromotion.ladesk.com sumo.com *.sumo.com *.datatables.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io *.adobe.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.vimeo.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.doubleclick.net *.assets.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.tagmanager.google.com *.trustpilot.com *.sumo.com sumo.com *.tawk.to tawk.link *.jsdelivr.net wilkepromotion.ladesk.com *.crazyegg.com *.issuu.com *.datatables.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.adobe.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.tagmanager.google.com *.fonts.googleapis.com *.jsdelivr.net *.datatables.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.adobe.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustpilot.com *.sumo.com *.tawk.to tawk.to sumo.com *.crazyegg.com *.datatables.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.fontawesome.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://*.ingest.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.wp.com;	img-src data: https:;	script-src 'unsafe-inline' 'unsafe-eval' blob: https:;	style-src 'unsafe-inline' https:;	font-src data: https:;	media-src blob: https:;	frame-src https:;	object-src 'none';	connect-src https:; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com *.doubleclick.net *.facebook.com js.mollie.com niko-productguide.solyd.be *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com *.koongo.com *.google.pt *.google.be *.google.com.tr *.bing.com maps.googleapis.com ts.tradetracker.net www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com s7.addthis.com js.mollie.com static.hotjar.com *.bing.com gtmadapter-node-cbjg5cz5hq-ew.a.run.app *.cookie-script.com *.trustpilot.com tm.tradetracker.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://*.ingest.sentry.io ekr.zdassets.com/ *.koongo.com stats.g.doubleclick.net maps.googleapis.com gtmadapter-node-cbjg5cz5hq-ew.a.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net *.fontawesome.com fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.klarna.com checkout.postfinance.ch *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net checkout.postfinance.ch https://redchamps.com maps.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill-fastly.io https://polyfill-fastly.io https://browser.sentry-cdn.com *.klarna.com *.klarnacdn.net *.klarnaservices.com checkout.postfinance.ch cdn.scalapay.com b2c-cdn.scalapay.com *.stripe.com klarna.com *.klarnaevt.com maps.googleapis.com *.googletagmanager.com tagmanager.google.com *.trustpilot.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.fontawesome.com fonts.googleapis.com tagmanager.google.com fonts.google.com *.trustpilot.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://*.ingest.sentry.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.stripe.com klarna.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com api-maps.yandex.ru yastatic.net *.maps.yandex.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api-maps.yandex.ru yastatic.net *.maps.yandex.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' https://*.holidaysplease.co.uk:3000 wss://*.holidaysplease.co.uk:3000; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://*.holidaysplease.co.uk:3000 https://connect.facebook.net https://bat.bing.com https://*.elegantescapes.com 'nonce-/dyYNA'; img-src * data:; frame-src 'self' https://www.facebook.com/ data: 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://0594ebf9e3dab534acdba65c6100b639.report-uri.com/r/d/csp/reportOnly; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com scontent.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net *.google-analytics.com *.google.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.fontawesome.com *.kueskipay.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.kueskipay.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.kueskipay.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.kueskipay.com *.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.conekta.io conektaapi.s3.amazonaws.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.conekta.io r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.kueskipay.com *.doubleclick.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com *.multisafepay.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com landofcoder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.googlesyndication.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com ts.tradetracker.net www.magmodules.eu https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc *.jsdelivr.net tm.tradetracker.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com unsafe-inline assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com maps.googleapis.com *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-asU2NPDXx8LZ-Illch32yg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' https://app.getbeamer.com 'unsafe-inline'; img-src 'self' data: https://static.getbeamer.com https://storage.googleapis.com https://app.getbeamer.com https://www.googletagmanager.com; object-src 'none'; frame-src https://push.getbeamer.com https://app.getbeamer.com https://www.google.com https://data-analytics.passculture.team; script-src-elem 'self' 'nonce-recaptcha' https://www.gstatic.com https://static.getbeamer.com https://static.hotjar.com https://app.getbeamer.com https://script.hotjar.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://api-adresse.data.gouv.fr https://vc.hotjar.io; script-src 'self'; connect-src 'self' https://*.algolianet.com https://www.google-analytics.com wss://ws.hotjar.com https://content.hotjar.io https://surveystats.hotjar.io https://api-adresse.data.gouv.fr https://storage.googleapis.com https://backend.getbeamer.com https://firebaseremoteconfig.googleapis.com https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://sentry.passculture.team https://backend.integration.passculture.pro https://backend.testing.passculture.team https://backend.staging.passculture.team https://backend.passculture.pro https://region1.google-analytics.com https://*.algolia.net https://insights.algolia.io https://vc.hotjar.io https://metrics.hotjar.io; report-uri https://sentry.passculture.team/api/2/security/?sentry_key=50f5694849704813b4154c5868b73365; 1
font-src fonts.gstatic.com use.typekit.net www.searchanise.com *.searchserverapi.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.searchanise.com *.searchserverapi.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.pagar.me *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io api.amplitude.com stats.g.doubleclick.net *.pagar.me https://viacep.com.br https://www.viacep.com.br https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.trustpilot.com *.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://core.helloretail.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-lFKfezaKhhdjeB_7cbYsHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com https://www.gstatic.com cdn.giosgusercontent.com fonts.googleapis.com *.gstatic.com *.typekit.net 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.maksuturva.fi *.qa.ambientia.fi *.collector.se *.signicat.com *.collectorbank.se *.walley.se *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.giosgusercontent.com *.giosg.com www.facebook.com *.google.com *.doubleclick.net *.api.ditto.com *.klarna.com https://*.google.com *.facebook.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.resurs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com *.consentmanager.net *.qa.ambientia.fi secure.adnxs.com c.delivery.consentmanager.net www.google.fi *.google.com www.facebook.com maps.googleapis.com *.gstatic.com www.maksuturva.fi www.googleoptimize.com *.googletagmanager.com *.bing.com *.klarna.com *.klarnaevt.com *.klarnacdn.net 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.klevu.com *.ksearchnet.com https://*.googleapis.com https://*.googleusercontent.com https://resources.paytrail.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://*.gstatic.com *.qa.ambientia.fi cdn.consentmanager.net delivery.consentmanager.net static.hotjar.com script.hotjar.com bsdk.api.ditto.com maps.googleapis.com maps.google.com cdnjs.cloudflare.com service.giosg.com embed.upseller.cloud *.adform.net connect.facebook.net *.google.com www.googleoptimize.com *.googletagmanager.com script.crazyegg.com *.bing.com *.cookiefirst.com *.convertexperiments.com/ *.custobar.com *.klarna.com *.klarnacdn.net https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.klarnaservices.com js.klevu.com *.ksearchnet.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.resurs.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.consentmanager.net delivery.consentmanager.net *.qa.ambientia.fi hello.myfonts.net service.giosg.com embed.upseller.cloud *.google.com *.typekit.net *.cookiefirst.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.custobar.com *.api.ditto.com maps.googleapis.com service.giosg.com vc.hotjar.io www.google.com *.analytics.google.com *.doubleclick.net www.facebook.com www.google.fi *.consentmanager.net script.crazyegg.com *.bing.com *.cookiefirst.com *.klarnaevt.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src 'self' epichttp:;script-src 'nonce-ff5d5215112e40a5a714135cee5fe07a' https://mijnolvg.nl 'self';img-src 'self' blob: data: https://www.mijnolvg.nl https://www.olvg.nl;style-src https://mijnolvg.nl 'self' 'unsafe-inline';form-action 'self'; 1
font-src fonts.gstatic.com use.typekit.net lora-sdk.belive.sg *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com static.addtoany.com www.facebook.com *.fls.doubleclick.net www.mewatch.sg connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com *.mediacorp.sg pubads.g.doubleclick.net iframe-clients.belive.sg lora-sdk.belive.sg bat.bing.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com static.addtoany.com jsd-widget.atlassian.com www.facebook.com *.mediacorp.sg analytics.tiktok.com js-agent.newrelic.com bam.nr-data.net lora-sdk.belive.sg bat.bing.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.belive.sg 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io jsd-widget.atlassian.com api-private.atlassian.com analytics.tiktok.com bam.nr-data.net iframe-api.belive.sg lora-tracking.belive.sg www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src ; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hotjar.com *.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com playseat.com playseat.dev *.playseat.com *.cloudflare.com *.linkedin.com *.google.nl *.adobetm.com *.ibb.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.fontawesome.com *.pingdom.net *.hotjar.com *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com playseat.com playseat.dev *.playseat.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.cloudflare.com *.pingdom.net *.hotjar.com *.hotjar.io *.cookiebot.com *.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://playseat.dev/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-f0tDUC0rc6bLxjYooDWRAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-2bf1c36981844c90944d5c168311094a' https://myscotlandhealth.org 'self';img-src https://* 'self' blob: data:;style-src https://myscotlandhealth.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.youtube.com *.g.doubleclick.net *.facebook.com *.facebook.net https://payment-stage.ecpay.com.tw/ https://payment.ecpay.com.tw/ 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.facebook.com *.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.ytimg.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.zdassets.com *.facebook.net *.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.zendesk.com *.zopim.com *.zdassets.com *.gstatic.com *.google.com *.google.com.tw *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.google.com.ua https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.google.com/ ajax.googleapis.com *.instagram.com maps.googleapis.com iijarszw.eug.stape.io https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.gstatic.com https://static.klaviyo.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.instagram.com *.googleusercontent.com iijarszw.eug.stape.io https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: maxcdn.bootstrapcdn.com https://geowidget.easypack24.net 'self' data: fonts.bunny.net admor.co admor.de data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl paywall.imoje.pl process.paypo.pl eblik.pl javascript admor.co admor.de 'self' 'unsafe-inline'; frame-ancestors admor.co admor.de 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com https://geowidget-app.inpost.pl/ admor.co admor.de 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://images.unsplash.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: scontent-waw1-1.cdninstagram.com www.google.pl scontent-fra5-2.cdninstagram.com scontent-fra5-1.cdninstagram.com scontent-fra3-2.cdninstagram.com scontent.cdninstagram.com scontent-vie1-1.cdninstagram.com us-ms.gr-cdn.com scontent-fra3-1.cdninstagram.com data.imoje.pl www.google.co.uk www.google.com.tr www.google.hu www.przelewy24.pl pagead2.googlesyndication.com www.admor.co admor.co admor.de *.google.pl *.gr-cdn.com *.googleadservices.com *.google-analytics.com *.cdninstagram.com *.imoje.pl embedsocial.com *.embedsocial.com *.googlesyndication.com ruch-osm.sysadvisors.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com ga.getresponse.com www.google.com analytics.tiktok.com code.jquery.com cdnjs.cloudflare.com ruch-osm.sysadvisors.pl admor.co admor.de *.apptrian.com *.facebook.com *.getresponse.com *.gr-cdn.com *.cookiefirst.com *.embedsocial.com embedsocial.com *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com fonts.cdnfonts.com cdnjs.cloudflare.com geowidget.inpost.pl admor.co admor.de fonts.bunny.net *.cookiefirst.com *.embedsocial.com embedsocial.com *.googlesyndication.com ruch-osm.sysadvisors.pl 'self' 'unsafe-inline'; object-src admor.co admor.de none 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com https://geowidget.easypack24.net data admor.co admor.de *.google.pl *.google.com *.googlesyndication.com 'self' 'unsafe-inline'; manifest-src admor.co admor.de 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com https://get.geojs.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com region1.analytics.google.com ga2.getresponse.com graph.instagram.com analytics.pangle-ads.com adservice.google.com ts.getresponse.pl popups1-show.getresponse.com popups1-s.getresponse.com www.google.gr data service.gstatic-cache.com d2pky5fwbi4lk0.cloudfront.net www.google.hr ruch-osm.sysadvisors.pl admor.co admor.de *.instagram.com *.getresponse.com *.google.pl google.pl *.pangle-ads.com *.getresponse.pl *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tiktok.com *.apptrian.com *.get.geojs.io *.cookiefirst.com embedsocial.com *.embedsocial.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com admor.co admor.de http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com admor.co admor.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri admor.co admor.de 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com id.dokobit.com id-sandbox.dokobit.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://app.usercentrics.eu 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.dokobit.com *.google.lv *.openstreetmap.org https://maps.omnivasiunta.lt ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://app.usercentrics.eu *.disqus.com *.maksekeskus.ee *.test.maksekeskus.ee *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.dokobit.com *.usercentrics.eu *.hotjar.com https://unpkg.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://www.googletagmanager.com https://polyfill.io https://api.usercentrics.eu https://id-sandbox.dokobit.com *.disqus.com *.avada.io 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com id.dokobit.com id-sandbox.dokobit.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.dokobit.com *.doubleclick.net https://geocode.arcgis.com https://api.usercentrics.eu https://id-sandbox.dokobit.com https://get.geojs.io *.avada.io 'self' *.maksekeskus.ee *.test.maksekeskus.ee t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.gstatic.com 'self' data: data: *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.openpay.mx *.openpay.co *.opencontrol.mx *.kaptcha.com *.openpay.pe *.paynet.com.mx c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cdn.dnky.co amc.demdex.net www.google.com youtube.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.postimg.cc *.openpay.mx www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: maps.gstatic.com maps.googleapis.com accounts.google.com *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com *.gstatic.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com https://maps.googleapis.com *.tawk.to cdn.jsdelivr.net *.convertexperiments.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com cdn.dnky.co *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.openpay.mx *.openpay.co *.openpay.pe api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com api.comapi.com bam.nr-data.net *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com 'self' data: *.cloudflare.com *.bootstrapcdn.com *.twitter.com *.typekit.net *.easypack24.net *.google.pl *.google.com *.inpost.pl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ secure.payu.com merch-prod.snd.payu.com *.ceneo.pl *.dpd.com.pl *.cookiebot.com/ *.inpost.pl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.googleapis.com *.gstatic.com https://ssl.ceneo.pl http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ static.payu.com 'self' data: *.amazonaws.com *.imgur.com *.ekomiapps.de *.tile.osm.org *.cloudflare.com *.githubusercontent.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.facebook.com *.magentocommerce.com *.salesmanago.pl *.salesmanago.com *.salesmanago.es *.sysadvisors.pl *.google.pl *.google.com *.cookiebot.com/ *.inpost.pl data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apis.google.com *.gstatic.com https://ssl.ceneo.pl http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://cdnjs.cloudflare.com *.payu.com secure.snd.payu.com *.google.pl *.ekomiapps.de *.hotjar.com *.sysadvisors.pl *.magentocommerce.com *.braintreegateway.com *.githubusercontent.com *.paypall.com *.cardinalcommerce.com *.authorize.net *.salesmanago.pl *.salesmanago.com *.salesmanago.es *.googletagmanager.com *.facebook.net *.facebook.com *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.trustedshops.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com *.ekomiapss.de *.easypack24.net *.allekurier.pl *.google.com *.cookiebot.com *.inpost.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.ekomiapps.de *.sysadvisors.pl *.cloudflare.com *.bootstrapcdn.com *.ekomiapss.de *.easypack24.net *.google.pl *.google.com *.inpost.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com t.elasticsuite.io *.google-analytics.com *.ekomiapps.de *.cloudflare.com *.tile.osm.org *.openstreetmap.org *.twitter.com *.paypal.com *.sysadvisors.pl *.salesmanago.pl *.googleadservices.com *.google.pl *.google.com *.googlesyndication.com *.cookiebot.com *.saleago.com *.hotjar.io *.doubleclick.net *.inpost.pl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.openstreetmap.org *.paypal.com *.google.pl *.google.com *.inpost.pl *.tile.osm.org 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /zsteam_csp; report-to report-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com *.cloudflare.com *.cloudfront.net 'unsafe-inline' data: *.simpler.so *.socital.com *.google.com *.bestprice.gr *.pstatic.gr *.adman.gr *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.facebook.com *.google.com *.simpler.so *.socital.com *.bestprice.gr *.pstatic.gr *.adman.gr *.googlesyndication.com *.twitter.com *.cardlink.gr *.alphaecommerce.gr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cookiebot.com *.contactpigeon.com *.skroutz.gr *.tiktok.com *.hotjar.com go.linkwi.se *.criteo.com *.simpler.so *.bestprice.gr *.pstatic.gr greca.adman.gr *.googlesyndication.com http://trustmark.gr https://trustmark.gr *.socital.com *.addtoany.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.clarity.ms *.socital.com www.google.gr *.contactpigeon.com *.cookiebot.com *.google-analytics.com *.skroutz.gr http://trustmark.gr https://trustmark.gr *.tiktok.com *.adnxs.com *.criteo.com *.e-satisfaction.com *.simpler.so *.bestprice.gr *.pstatic.gr *.adman.gr 'unsafe-inline' data: *.cdninstagram.com *.snapppt.com *.cloudflare.com *.klarna.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io 'self' data: *.cookiebot.com *.googleadservices.com *.googleoptimize.com *.addtoany.com *.pinterest.com *.tumblr.com *.tiktok.com go.linkwi.se *.google.gr *.contactpigeon.com *.skroutz.gr *.adman.gr *.e-satisfaction.com http://trustmark.gr https://trustmark.gr *.hotjar.com skroutza.skroutz.gr *.socital.com *.criteo.net *.criteo.com *.simpler.so *.clarity.ms *.bestprice.gr *.pstatic.gr *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.addtoany.com maxcdn.bootstrapcdn.com *.socital.com *.cloudfront.net *.google.com *.contactpigeon.com *.myfonts.net *.cloudfront.com *.e-satisfaction.com http://trustmark.gr https://trustmark.gr *.simpler.so *.bestprice.gr *.pstatic.gr greca.adman.gr *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com artserver.gr connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io http://dpm.demdex.net maps.googleapis.com stats.g.doubleclick.net *.cookiebot.com *.tiktok.com *.doubleclick.net *.googlesyndication.com *.clarity.ms 'self' wss: 'unsafe-inline' wss: *.sentry.io *.contactpigeon.com *.e-satisfaction.com snapppt.com *.socital.com *.hotjar.com *.simpler.so *.bestprice.gr *.pstatic.gr *.adman.gr *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.google.com *.google.de *.google.si *.google.at *.google.it *.google.fr *.google.ch *.google.hu *.gstatic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com polyfill.io jquery.sellxed.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.cashpresso.com *.gstatic.com *.google.com *.google.de *.google.si *.google.at *.google.it *.google.fr *.google.ch *.google.hu *.trackedlink.net s7.addthis.com https://www.googletagmanager.com tagmanager.google.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cashpresso.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.algolia.net *.algolia.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.google-analytics.com *.doubleclick.net *.cashpresso.com ekr.zdassets.com/ https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ https://www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://accounts.google.com https://*.google.com https://*.hotjar.com https://vars.hotjar.com https://www.facebook.com https://*.criteo.com https://gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com public.montonio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.facebook.com https://www.google.com https://www.google.ee https://www.google-analytics.com rx.upitech.ee data: http: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com https://www.google.com https://www.gstatic.com public.montonio.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net rx.upitech.ee http: https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com rx.upitech.ee http: https: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://stats.g.doubleclick.net rx.upitech.ee http: https: wss: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src *.googleapis.com *.gstatic.com data: fonts.gstatic.com *.kxcdn.com *.fontawesome.com 'self' data: *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.epay.bg 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.paypal.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cdninstagram.com *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.google.com *.fbcdn.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.disqus.com *.hsforms.net *.hsforms.com 'self' data: *.openstreetmap.org https://maps.googleapis.com *.cloudfront.net https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu assets.adobedtm.com *.adobedtm.com *.bing.com *.clarity.ms *.google.bg data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com cdn.ampproject.org googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.disqus.com *.hsforms.net *.hsforms.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google-analytics.com www.gstatic.com assets.adobedtm.com *.adobedtm.com *.googleadservices.com *.googletagmanager.com *.google.bg *.paypal.com *.paypalobjects.com *.klarna.com *.clarity.ms *.epay.bg https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com downloads.mailchimp.com *.fontawesome.com *.cloudflare.com getfirebug.com *.yotpo.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net *.instagram.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.openstreetmap.org https://maps.googleapis.com *.cloudflare.com *.paypal.com *.clarity.ms *.google.bg *.google.com *.analytics.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.klarnacdn.net *.fontawesome.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.klarnaevt.com *.google.de *.klarna.com *.doubleclick.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google.de *.alothemes.com *.magepow.com https://api.mapbox.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.klarnaevt.com *.klarnacdn.net *.klarnaservices.com *.google.de *.doubleclick.net *.alothemes.com *.magepow.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.fontawesome.com *.alothemes.com *.magepow.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.doubleclick.net *.google.de *.google.com *.google-analytics.com *.alothemes.com *.magepow.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.useinsider.com *.api.useinsider.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.youtube.com *.g.doubleclick.net *.facebook.com *.facebook.net *.useinsider.com *.api.useinsider.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.g.doubleclick.net *.facebook.com *.facebook.net *.awoo.org *.tigerfly.tw *.awoo.com *.useinsider.com *.api.useinsider.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://mas.astralweb.com.tw *.facebook.com *.facebook.net *.cloudflare.com *.ytimg.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.magentocommerce.com *.gstatic.com *.cloudfront.net *.google.com *.google.com.tw *.useinsider.com *.api.useinsider.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.zdassets.com *.g.doubleclick.net *.facebook.com *.awoo.org *.tigerfly.tw *.awoo.com *.useinsider.com *.api.useinsider.com *.avada.io https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.useinsider.com *.api.useinsider.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.useinsider.com *.api.useinsider.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.zendesk.com *.zopim.com *.zdassets.com *.gstatic.com wss://widget-mediator.zopim.com *.cardinalcommerce.com *.awoo.org *.tigerfly.tw *.awoo.com *.useinsider.com *.api.useinsider.com wss://*.useinsider.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.tw *.facebook.com *.facebook.net *.awoo.org *.tigerfly.tw *.awoo.com *.useinsider.com *.api.useinsider.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://media.flixcar.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com https://ipgtest.monri.com/ https://ipg.monri.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.googleadservices.com www.google-analytics.com rt.flix360.com https://media.flixfacts.com/ https://media.flixcar.com/ *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.googleadservices.com www.google-analytics.com https://media.flixfacts.com/ https://media.flixcar.com/ https://ipgtest.monri.com/ https://ipg.monri.com/ *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://media.flixfacts.com/ https://media.flixcar.com/ *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.google-analytics.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=d6b20469-d19d-4936-954d-cb8973c9b70f; report-to csp-endpoint; frame-ancestors 'none' 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.addthis.com *.pinterest.com *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.facebook.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.googletagmanager.com *.google-analytics.com *.facebook.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.google-analytics.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com *.doubleclick.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.metricool.com *.google.com.ar *.google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://assets-cdn.woowup.com/js/webtracking.min.js https://code.jquery.com/jquery-2.2.4.min.js *.aptrinsic.com *.facebook.net *.facebook.com *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://live.decidir.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://events.woowup.com/events/users *.facebook.net *.facebook.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://developers.decidir.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.aptrinsic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.benu.hu data: *.googleapis.com *.hotjar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com business.facebook.com data: *.google.com *.youtube.com *.publitas.com *.fliphtml5.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com business.facebook.com https://redchamps.com www.safemage.com *.benu.hu *.cloudfront.net *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com image.arukereso.hu *.google.hu *.hotjar.com *.arukereso.hu *.bing.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com business.facebook.com *.avada.io https://cdnjs.cloudflare.com maps.googleapis.com *.google.com *.googletagmanager.com https://googleads.g.doubleclick.net *.googleadservices.com *.prefixbox.com *.publitas.com *.hotjar.com *.benu.hu *.arukereso.com gravity-dev-assets.oss-eu-central-1.aliyuncs.com benuhu.engine.yusp.com https://maileon-cdn.s3.eu-central-1.amazonaws.com/met/met.js clarity.ms *.clarity.ms *.bing.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.prefixbox.com *.benu.hu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com business.facebook.com *.benu.hu *.google-analytics.com *.prefixbox.com *.doubleclick.net *.services.visualstudio.com *.hotjar.com *.hotjar.io benuhu.engine.yusp.com *.maileon.hu 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.hotjar.com *.gstatic.com 'self' data: *.tawk.to fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.tawk.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.hotjar.com *.tawk.to *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com *.google.com *.google.it *.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.hotjar.com maps.gstatic.com *.trustedshops.com *.etrusted.com *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.iubenda.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.hotjar.com maps.googleapis.com *.trustedshops.com *.etrusted.com *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.iubenda.com unsafe-inline *.googleapis.com *.gstatic.com *.trustedshops.com *.etrusted.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net https://widgets.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.iubenda.com google.com *.google.com *.analytics.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.tawk.to wss://*.tawk.to *.trustedshops.com *.etrusted.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sandbox.paypal.com *.youtube.com *.paypal.com *.googleadservices.com *.google-analytics.com *.google.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com landofcoder.com *.google.com *.google.com.ua *.google.co.uk *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.razorpay.com *.twitter.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.google.com.ua *.google.co.uk *.doubleclick.net *.meetanshi.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cdninstagram.com *.youtube.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com landofcoder.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.meetanshi.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com checkout.razorpay.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.instagram.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com landofcoder.com *.google-analytics.com *.google.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com lumberjack.razorpay.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.gstatic.com data: https://*.dnafactory.it https://*.dnalab.online *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.dnafactory.it https://*.dnalab.online *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.multisafepay.com https://pay.google.com https://*.dnafactory.it https://*.dnalab.online https://*.trustpilot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.multisafepay.com https://*.dnafactory.it https://*.dnalab.online www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.multisafepay.com https://pay.google.com widget.freshworks.com m2epro.freshdesk.com https://*.dnafactory.it https://*.dnalab.online https://*.trustpilot.com https://*.clerk.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com *.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.multisafepay.com widget.freshworks.com m2epro.freshdesk.com https://*.dnafactory.it https://*.dnalab.online *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com https://*.klarnacdn.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.klarnacdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.multisafepay.com widget.freshworks.com m2epro.freshdesk.com https://*.dnafactory.it https://*.dnalab.online www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://*.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.addtoany.com cdn.cookielaw.org *.onetrust.com *.doubleclick.net cdn.jsdelivr.net www.google.com.ar *.googleapis.com get.geojs.io www.googletagmanager.com analytics.google.com cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' https://branchapp.in https://branch.co https://branch.co.ke https://branch.com.ng https://branch.co.tz https://d2c5ectx2y1vm9.cloudfront.net; script-src 'self' https://d2c5ectx2y1vm9.cloudfront.net https://code.jquery.com https://ga.jspm.io https://connect.facebook.net https://www.googletagmanager.com https://www.gstatic.com/ https://cdnjs.cloudflare.com 'unsafe-inline' blob: https://www.recaptcha.net https://sdk.cashfree.com; style-src 'self' https://d2c5ectx2y1vm9.cloudfront.net https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://d2c5ectx2y1vm9.cloudfront.net https://fonts.gstatic.com data:; img-src 'self' https://d2c5ectx2y1vm9.cloudfront.net https://www.facebook.com data: blob: https://branch-in-production.s3.ap-south-1.amazonaws.com https://fonts.gstatic.com https://graph.facebook.com https://branch-in-public.s3.amazonaws.com; object-src 'self' blob:; connect-src 'self' https://accounts.google.com https://browser-intake-datadoghq.com https://ga.jspm.io https://d2c5ectx2y1vm9.cloudfront.net https://branch-in-production-temp.s3.ap-south-1.amazonaws.com; frame-src https://www.recaptcha.net https://sdk.cashfree.com https://www.googletagmanager.com https://branch-in-production.s3.ap-south-1.amazonaws.com; media-src https://d2c5ectx2y1vm9.cloudfront.net; report-uri /csp-violation-report-endpoint 1
font-src static.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.nl *.doubleclick.net static.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.doubleclick.net *.googlesyndication.com *.svgator.com *.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.nl *.doubleclick.net *.googlesyndication.com *.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://plumrocket.com *.yotpo.com *.mercadopago.com.uy 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadopago.com.uy 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://plumrocket.com *.wesupply.xyz *.weltpixel.com *.yotpo.com *.mercadopago.com.uy mercadopago.com.uy mercadopago.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.gstatic.com *.yotpo.com assets.adobedtm.com *.googleapis.com *.mercadopago.com.uy data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://devdocs.magento.com https://magento.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.chimpstatic.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com *.adobedtm.com *.growecommerce.uy *.googleapis.com *.hotjar.com *.fontawesome.com chimpstatic.com *.mercadopago.com.uy *.google.com *.gstatic.com http2.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com tagmanager.google.com *.yotpo.com *.googleapis.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com https://devdocs.magento.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.doubleclick.net *.facebook.com js.mollie.com *.sendcloud.sc 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu *.mageside.com mageside.com *.sooqr.com https://www.mollie.com *.pixriot.com *.storeimaging.com *.magentocommerce.com *.google-analytics.com  *.fontawesome.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleadservices.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com s7.addthis.com *.sooqr.com js.mollie.com *.sendcloud.sc 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.sooqr.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net ekr.zdassets.com/ *.pixriot.com *.storeimaging.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'unsafe-inline' data: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://app.burton.test/; report-to report-endpoint; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=9d735b1f-69b6-494c-a028-fc6bf0f69547; report-to csp-endpoint; frame-ancestors 'none' 1
font-src *.gstatic.com 'self' data: stats.g.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com https://int-ecommerce.nexi.it/ecomm/XPayBuild/ *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.twitter.com *.addthis.com https://int-ecommerce.nexi.it/ https://hal9000.redintelligence.net/ https://ad4m.at/frame.html *.hotjar.com *.criteo.com *.klarna.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com https://ecommerce.nexi.it/ecomm/payment/img/visa.svg https://ecommerce.nexi.it/ecomm/payment/img/mastercard.svg https://ecommerce.nexi.it/ecomm/payment/img/logoNexiLarge.png https://ecommerce.nexi.it/ecomm/payment/img/maestro.svg https://form.jotform.com/ https://www.google.it/ https://as.ad4m.at/ad/ https://r.adserver01.de/rt/ *.taboola.com/ https://track.adform.net/ https://ads.creative-serving.com/ https://adservice.google.it/ https://secure.adnxs.com/ https://events.jotform.com/jsform/ *.favicon.ico https://cdn.jotfor.ms/assets/img/logo/logo-new@1x.png https://cdn.jotfor.ms/favicon.ico https://tr.outbrain.com/unifiedPixel https://criteo-partners.tremorhub.com/ https://contextual.media.net/ https://ad.360yield.com/ https://jadserve.postrelease.com https://simage2.pubmatic.com/ https://ib.adnxs.com/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://visitor.omnitagjs.com/ https://s.thebrighttag.com *.criteo.com/ *.analytics.yahoo.com/ https://beacon.krxd.net/ https://x.bidswitch.net/ https://e1.emxdgt.com/ *.ads.yieldmo.com https://ad.yieldlab.net/ https://match.sharethrough.com/ https://sync.outbrain.com/ https://exchange.mediavine.com/ https://matching.ivitrack.com/ https://id5-sync.com *.klarna.com *.klarnaevt.com *.klarnacdn.net int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.cloudflare.com *.twitter.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.nr-data.net js-agent.newrelic.com cdn.scalapay.com int-ecommerce.nexi.it form.jotform.com www.dwin1.com ad4m.at *.taboola.com *.hotjar.com *.outbrain.com static.criteo.net static.hotjar.com cdn.jotfor.ms dynamic.criteo.com *.smct.io *.smct.co https://smct.co/ *.iubenda.com hits-i.iubenda.com *.mainadv.com *.klarna.com *.klarnacdn.net ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com https://form.jotform.com/ *.jotfor.ms *.klarnacdn.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cloudflare.com *.twitter.com *.paypal.com *.nr-data.net https://int-ecommerce.nexi.it/ *.hotjar.com https://stats.g.doubleclick.net/j/collect *.criteo.com https://trc-events.taboola.com/1052370/log/3/unip https://firehose.eu-west-1.amazonaws.com https://hits-i.iubenda.com/write https://cognito-identity.eu-west-1.amazonaws.com/ https://tr.outbrain.com/ https://www.wepowerconnections.com/ *.klarnaevt.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://integration-5ojmyuq-zgzvw2kr4mr5m.eu-5.magentosite.cloud/italiano; report-to report-endpoint; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.fontawesome.com https://fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io https://static.buckaroo.nl ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.facebook.com https://mylivechat.com https://uk.mylivechat.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.googletagmanager.com *.facebook.net https://partner-cdn.shoparize.com https://partner.shoparize.com *.trustpilot.com https://www.feedbackcompany.com https://mylivechat.com https://uk.mylivechat.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.trustpilot.com https://uk.mylivechat.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.google-analytics.com https://partner.shoparize.com https://partner-cdn.shoparize.com https://www.feedbackcompany.com https://mylivechat.com https://uk.mylivechat.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com widget-mediator.zopim.com www.ubteam.co.uk ubteam.co.uk *.google-analytics.com *.zdassets.com v2.zopim.com server.iad.liveperson.net fast.wistia.com *.googleapis.com www.cdn.ubteam.co.uk choicecard.ubteam.co.uk telco.ubteam.co.uk ubteam.eu ubteam.ie ubteam.se fast.wistia.net; report-uri /.webscale/csp-report 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=621e2e16-6058-4533-9190-a61e0cd7aa91; report-to csp-endpoint; frame-ancestors 'none' 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=34c5e91e-5c99-48d8-a41a-95bede9e8108; report-to csp-endpoint; frame-ancestors 'none' 1
font-src fonts.googleapis.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com www.google.com cdn.dnky.co webchat.dotdigital.com h.online-metrix.net eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.sharethis.mgr.consensu.org *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com platform-api.sharethis.com platform-cdn.sharethis.com l.sharethis.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com cdn.conekta.io conektaapi.s3.amazonaws.com cdn.dnky.co api.comapi.com webchat.dotdigital.com h.online-metrix.net eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com static.zdassets.com buttons-config.sharethis.com platform-cdn.sharethis.com platform-api.sharethis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.conekta.io api.comapi.com webchat.dotdigital.com ekr.zdassets.com l.sharethis.com *.zendesk.com wss://widget-mediator.zopim.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com https://www.correios.com.br 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com www.facebook.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.mlstatic.com *.mercadopago.com *.pagseguro.com.br maps.googleapis.com cdn.ampproject.org www.gstatic.com connect.facebook.net www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.mercadopago.com *.mercadolibre.com https://ws.correios.com.br cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.clerk.io flagpedia.net pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://api.clerk.io https://cdn.clerk.io upstream.heidipay.com *.avada.io twitter.com platform.twitter.com tracking.trovaprezzi.it www.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com upstream.heidipay.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.g.doubleclick.net https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.google.com *.google.com.ar *.googlesyndication.com  *.googleapis.com  *.googletagmanager.com *.gstatic.com  *.facebook.com blob: https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.g.doubleclick.net *.googlesyndication.com *.google.com.ar  *.googleadservices.com  *.googleapis.com  *.nr-data.net  *.facebook.net  *.newrelic.com *.google.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googlesyndication.com *.g.doubleclick.net  *.googleapis.com  *.nr-data.net  *.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com/ https://www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io *.google.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem 'self' *.adform.net *.bing.com *.cookiebot.com *.doubleclick.net *.facebook.net *.googleapis.com *.googletagmanager.com *.itnova.nl *.jquery.com *.pingdom.net sc-static.net *.snapchat.com *.tiktok.com *.vimeocdn.com *.mailplus.nl *.paazl.com; font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.adform.net *.cookiebot.com *.snapchat.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com 'self' data: *.google.nl *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.bing.com *.cookiebot.com *.itnova.nl *.jquery.com *.snapchat.com *.tradetracker.net *.mailplus.nl *.xcdn.com *.xcdn.nl data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://widget-acc.paazl.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://widget-acc.paazl.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.cookiebot.com *.googleapis.com *.ipify.org *.pingdom.com *.pingdom.net *.snapchat.com sc-static.net *.tiktok.com https://widget-acc.paazl.com *.paazl.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cdn.jsdelivr.net cdn.almapay.com https://fonts.gstatic.com https://ws.colissimo.fr https://cdn.almapay.com https://client.crisp.chat *.fontawesome.com * data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://tpeweb.e-transactions.fr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.getalma.eu https://www.youtube.com https://form.typeform.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://t1-maps.onyourmap.com https://t2-maps.onyourmap.com https://t3-maps.onyourmap.com https://t4-maps.onyourmap.com https://api.mapbox.com https://axeptio.imgix.net https://www.google.com https://t0.gstatic.com https://t1.gstatic.com https://t2.gstatic.com https://t3.gstatic.com https://www.google.fr https://region1.google-analytics.com https://www.shopimind.com https://www.googletagmanager.com https://image.crisp.chat https://client.crisp.chat https://stats.g.doubleclick.net https://googleads.g.doubleclick.net cdn.doofinder.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com https://www.youtube.com https://static.axept.io https://www.googletagmanager.com http://static.axept.io https://client.crisp.chat https://brand-widgets.rr.skeepers.io https://analytics-manager.com https://www.google.fr https://newsletter.chassemarket.com cdn.doofinder.com *.avada.io https://media.shopimind.io https://app-spm.com https://static-spm.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com  https://client.crisp.chat https://newsletter.chassemarket.com *.doofinder.com *.fontawesome.com https://media.shopimind.io https://app-spm.com https://static-spm.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu https://nominatim.openstreetmap.org https://client.axept.io https://api.axept.io https://stats.g.doubleclick.net https://region1.google-analytics.com wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://region1.analytics.google.com https://client.crisp.chat https://t1-maps.onyourmap.com https://t2-maps.onyourmap.com https://t3-maps.onyourmap.com https://t4-maps.onyourmap.com https://www.google.com https://adservice.google.com https://analytics.google.com https://www.google.fr https://newsletter.chassemarket.com https://api.paypal.com *.doofinder.com wss://*.doofinder.com https://get.geojs.io *.avada.io https://media.shopimind.io https://app-spm.com https://static-spm.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://media.shopimind.io https://app-spm.com https://static-spm.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cc8320165b14b59d70aa517453641b00.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com *.googleapis.com www.clickmayora.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://script.hotjar.com https://fonts.gstatic.com https://use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com https://www.paypal.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ ipinfo.io www.facebook.com platform.twitter.com https://vars.hotjar.com https://4914179.fls.doubleclick.net https://pixel.mathtag.com https://www.facebook.com https://bid.g.doubleclick.net https://www.paypal.com https://www.sandbox.paypal.com https://ssl.widgets.webengage.com https://zc2ab3220.webengage.co https://z2024bb90.webengage.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://www.google.com https://www.google.co.in https://ds0rwwup944qj.cloudfront.net https://www.googletagmanager.com https://www.facebook.com https://script.hotjar.com https://images.notifications-icommkt.com https://www.gstatic.com https://www.paypal.com https://www.sandbox.paypal.com https://www.e-compreahora.com https://connect.facebook.net https://ssl.widgets.webengage.com https://cdn.cookielaw.org https://dgn3cmgewqdgl.cloudfront.net https://afiles.webengage.com https://maps.gstatic.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ipinfo.io connect.facebook.net twitter.com platform.twitter.com https://d12zyq17vm1xwx.cloudfront.net https://static.hotjar.com https://script.hotjar.com https://www.google.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://script.crazyegg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://storage.cdn.braindw.com https://s.braindw.com https://www.paypal.com https://www.sandbox.paypal.com https://externalassets.icommarketing.com https://ssl.widgets.webengage.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://c.webengage.com https://static.zdassets.com https://bam.nr-data.net https://use.fontawesome.com https://maps.googleapis.com https://polyfill.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com 'self' 'unsafe-inline'; object-src ipinfo.io 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ipinfo.io https://s.braindw.com https://stats.g.doubleclick.net https://notifications-icommkt.com https://in.hotjar.com wss://ws14.hotjar.com https://script.crazyegg.com https://www.facebook.com https://bam-cell.nr-data.net https://www.google-analytics.com https://unileverbrazil.demdex.net https://surveystats.hotjar.io https://u.braindw.com https://track-icommkt.com https://gstatic.com https://vc.hotjar.io wss://ws12.hotjar.com wss://ws2.hotjar.com https://ws12.hotjar.com https://ws2.hotjar.com https://www.paypal.com https://www.sandbox.paypal.com https://p.braindw.com https://connect.facebook.net https://cdn.cookielaw.org https://c.webengage.com https://ekr.zdassets.com https://martech2364.zendesk.com https://bam.nr-data.net https://maps.googleapis.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-eu.onetrust.com/request/v1/consentreceipts 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' construmarques.com.br *.construmarques.com.br construmarques.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.egoi.site egoi.site *.e-goi.com *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.azurewebsites.net *.blob.core.windows.net *.boletoflex.com samuraiexpertsstorage.blob.core.windows.net boletoflexhom.azurewebsites.net boletoflex.azurewebsites.net *.bflx.com.br *.google.com analytics.google.com *.g.doubleclick.net *.googleadservices.com *.com.au service.smarthint.co *.google.com.br *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.facebook.net *.googleapis.com *.google.de *.googletagmanager.com *.google.pt *.google-analytics.com *.google.fr *.com.py *.co.jp *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com *.pagseguro.com.br *.*.pagseguro.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.construmarques.com.br construmarques.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com data:text *.google.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com *.avada.io *.oppwa.com oppwa.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com *.what3words.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com *.fontawesome.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com https://get.geojs.io *.avada.io oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.cloudflare.com *.twitter.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.instagram.com www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.twitter.com *.google.com *.addthis.com https://www.youtube.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com *.googleapis.com *.gstatic.com *.cdninstagram.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.cloudfront.net google.com google.ro *.google.ro *.coriolan.ro ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com https://api.mapbox.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com apis.google.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.youtube.com *.vimeo.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.cloudflare.com *.twitter.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com widgets.pinterest.com chimpstatic.com www.googleadsservices.com *.cardinalcommerce.com *.zdassets.com downloads.mailchimp.com *.list-manage.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com fonts.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.cloudflare.com *.twitter.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com vimeo.com google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.cloudflare.com *.twitter.com *.amazon.com *.yotpo.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonservices.com *.amazonservices.co.uk *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.stripe.com x.klarnacdn.net *.klarna.com *.klarnaevt.com *.playground.klarna.com *.coriolan.ro odoo.coriolan.ro:8443 profile.coriolan.ro *.google-analytics.com *.analytics.google.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com autocomplete2.postdirekt.de klarna.com *.klarnacdn.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.cristaisaquarius.com.br *.cristaisaquarius.local *.gstatic.com *.google.com *.google.com.br *.googleapis.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br data: *.akamaized.net https://vimeo.com *.vimeocdn.com amcglobal.sc.omtrdc.net *.tiktok.com *.pinterest.com *.pinimg.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cristaisaquarius.com.br *.cristaisaquarius.local *.doubleclick.net *.googletagmanager.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br *.tiktok.com *.pinterest.com *.pinimg.com https://accounts.google.com https://www.facebook.com https://login.live.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://h.online-metrix.net *.cristaisaquarius.com.br *.cristaisaquarius.local *.google.com *.google.com.br *.doubleclick.net *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.ytimg.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br data: *.akamaized.net https://vimeo.com *.vimeocdn.com *.adobetm.com *.tiktok.com *.pinterest.com *.pinimg.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cristaisaquarius.com.br *.cristaisaquarius.local *.googleadservices.com *.google-analytics.com *.paypal.com *.google.com *.google.com.br *.googleapis.com *.doubleclick.net *.gstatic.com *.googletagmanager.com *.facebook.net *.facebook.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br *.akamaized.net https://vimeo.com *.adobetm.com *.tiktok.com *.pinterest.com *.pinimg.com www.google.com.ua www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://unpkg.com s7.addthis.com *.avada.io *.cristaisaquarius.com.br *.cristaisaquarius.local *.google.com *.google.com.br *.google-analytics.com *.gstatic.com *.googleapis.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br *.akamaized.net amcglobal.sc.omtrdc.net *.adobetm.com *.tiktok.com *.pinterest.com *.pinimg.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com server.cristaisaquarius.com.br https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.cristaisaquarius.com.br *.cristaisaquarius.local *.googleapis.com *.doubleclick.net *.google.com *.google.com.br *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com https://connect.facebook.net *.facebook.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br *.akamaized.net https://vimeo.com *.vimeocdn.com amcglobal.sc.omtrdc.net *.adobetm.com *.tiktok.com *.pinterest.com *.pinimg.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cristaisaquarius.com.br *.cristaisaquarius.local *.paypal.com *.google.com *.google.com.br *.googleapis.com *.doubleclick.net *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br *.mercadopago.com *.mercadolibre.com *.akamaized.net *.vimeocdn.com *.adobetm.com *.tiktok.com *.pinterest.com *.pinimg.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io server.cristaisaquarius.com.br https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.cristaisaquarius.com.br *.cristaisaquarius.local *.google.com *.google.com.br *.google-analytics.com *.gstatic.com *.doubleclick.net *.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br *.akamaized.net https://vimeo.com *.vimeocdn.com *.adobetm.com *.tiktok.com *.pinterest.com *.pinimg.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.stape.io *.fontawesome.com * data: instantcredit.net test.instantcredit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de * www.paycomet.com api.paycomet.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.google.com.ua *.google.co.uk *.stape.io * www.paycomet.com api.paycomet.com https://plumrocket.com *.sendcloud.sc *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net *.stape.io * https://www.magezon.com instantcredit.net test.instantcredit.net maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io * www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com *.sendcloud.sc https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com * instantcredit.net test.instantcredit.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.google-analytics.com *.google.com *.stape.io https://get.geojs.io *.avada.io * instantcredit.net test.instantcredit.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self'  cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com mdbootstrap.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-src td.doubleclick.net/ https://lockerplugin.sameday.ro fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.meetanshi.com *.facebook.net *.facebook.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; frame-ancestors unsafe-inline www.gstatic.com *.meetanshi.com *.facebook.com https://www.facebook.com *.stripe.com stripe.com *.link.com 'self'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ pagead2.googlesyndication.com/pagead/buyside_topics/set/ region1.analytics.google.com/g/ dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.meetanshi.com t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.facebook.net 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.meetanshi.com 'self' data: *.facebook.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com https://cdn.sameday.ro *.adobe.com downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com bimg.abv.bg/GDPR/GDPR.js dmp.adwise.bg chimpstatic.com cdn.onesignal.com/sdks/OneSignalSDK.js static.zdassets.com/ekr/asset_composer.js v2.zopim.com/ cdn.onesignal.com/ onesignal.com/ https://cdn.sameday.ro assets.adobedtm.com *.adobe.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com downloads.mailchimp.com *.list-manage.com *.avada.io *.meetanshi.com *.facebook.net *.facebook.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; form-action https://3dsgate.borica.bg/cgi-bin/cgi_link geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.gstatic.com *.googleapis.com *.affirm.com *.affirm.ca ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com *.facebook.net *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.googleapis.com *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com fonts.googleapis.com portal.bulkgate.com *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.vivapayments.com https://seo.mageplaza.com *.cardlink.gr *.eurocommerce.gr *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.trustmark.gr consent.cookiefirst.com edge.cookiefirst.com t.themarketer.com *.themarketer.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google-analytics.com *.facebook.com *.facebook.net *.instagram.com *.google.com *.google.gr *.skroutz.gr *.tiktok.com *.swagger.io *.glami.gr *.contactpigeon.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.google.com *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.gstatic.com *.googleapis.com *.google.com *.acscourier.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.trustmark.gr consent.cookiefirst.com edge.cookiefirst.com t.themarketer.com cdn1.themarketer.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google-analytics.com *.cloudflare.com eadn-wc04-4786488.nxedge.io *.mage2.gr *.facebook.com *.facebook.net *.instagram.com *.google.gr *.skroutz.gr *.tiktok.com *.swagger.io *.glami.gr *.contactpigeon.com https://www.magezon.com *.glami.bg *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com *.vivapayments.com *.trustmark.gr consent.cookiefirst.com edge.cookiefirst.com t.themarketer.com cdn1.themarketer.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google-analytics.com *.facebook.com *.facebook.net *.google.com googleads.g.doubleclick.net *.doubleclick.net *.instagram.com *.skroutz.gr *.tiktok.com *.swagger.io *.glami.gr *.contactpigeon.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googleapis.com *.avada.io https://www.google.com https://www.gstatic.com *.cloudflare.com *.glami.bg ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com portal.bulkgate.com *.gstatic.com *.trustmark.gr consent.cookiefirst.com edge.cookiefirst.com t.themarketer.com cdn1.themarketer.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google-analytics.com *.cloudflare.com eadn-wc04-4786488.nxedge.io *.mage2.gr *.skroutz.gr *.swagger.io *.glami.gr *.contactpigeon.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com maps.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com *.trustmark.gr consent.cookiefirst.com edge.cookiefirst.com t.themarketer.com cdn1.themarketer.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google-analytics.com *.paypal.com *.facebook.com *.doubleclick.net *.instagram.com *.skroutz.gr *.tiktok.com *.swagger.io *.glami.gr *.contactpigeon.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri /csp_logger 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.oct8ne.com https://static.oct8ne.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.vimeo.com *.afip.gob.ar *.mercadolibre.com *.oct8ne.com https://static.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.vimeo.com *.afip.gob.ar *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.oct8ne.com https://static.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.afip.gob.ar *.avada.io *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.mlstatic.com *.mercadopago.com *.oct8ne.com https://static.oct8ne.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://live.decidir.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.afip.gob.ar https://get.geojs.io *.avada.io *.google-analytics.com https://www.google-analytics.com *.mercadopago.com *.mercadolibre.com *.oct8ne.com https://static.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://developers.decidir.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.ap-gateway.mastercard.com *.mastercard.com *.google.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ap-gateway.mastercard.com *.mastercard.com 'self' data: *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.ap-gateway.mastercard.com ap-gateway.mastercard.com *.mastercard.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com www.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ *.google-analytics.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com https://www.gstatic.com maxcdn.bootstrapcdn.com d1azc1qln24ryf.cloudfront.net v2.zopim.com https://fonts.gstatic.com *.fontawesome.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://alavaquera.es https://alavaquera.fr https://alavaquera.pt 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.google.com.vn v2.zopim.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com https://www.gstatic.com www.clarity.ms *.googletagmanager.com maps.googleapis.com v2.zopim.com static.hotjar.com static.zdassets.com widget-mediator.zopim.com app.avada.io https://www.google.com *.avada.io *.alothemes.com *.magepow.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com maxcdn.bootstrapcdn.com d1azc1qln24ryf.cloudfront.net *.fontawesome.com *.alothemes.com *.magepow.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com maps.googleapis.com *.google-analytics.com stats.g.doubleclick.net widget-mediator.zopim.com ekr.zdassets.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.addthis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com google.com *.gstatic.com *.fbcdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.google.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://secure-test.worldpay.com/shopper/3ds/ddc.html https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://www.youtube.com/ 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://widget.trustpilot.com/ https://pay.google.com https://secure-test.worldpay.com *.weltpixel.com *.google.com https://plumrocket.com https://www.youtube.com/ www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com *.cloudflare.com *.gstatic.com *.google.com *.mageside.com mageside.com maps.gstatic.com https://usaskateshop-com.b-cdn.net/ www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.chimpstatic.com https://static.hotjar.com https://static.zdassets.com https://payments.worldpay.com https://cdn.clerk.io https://api.clerk.io https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.google.com applepay.cdn-apple.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.fontawesome.com applepay.cdn-apple.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.usaskateshop.dk https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com https://*.cookiebot.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.sendcloud.sc *.jsdelivr.net https://wwww.facebook.com https://www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://www.google.com https://www.google.nl https://wwww.facebook.com *.multisafepay.com https://*.cookiebot.com https://googleads.g.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com https://bat.bing.com https://c.bing.com https://c.clarity.ms data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://*.cookiebot.com *.avada.io *.cloudflare.com/ajax/libs/prototype/1.7.3/prototype.js *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc *.jsdelivr.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net https://bat.bing.com https://www.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.multisafepay.com unsafe-inline assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://pagead2.googlesyndication.com https://*.clarity.ms/ https://*.cookiebot.com https://googleads.g.doubleclick.net https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://www.google-analytics.com https://stats.g.doubleclick.net https://f.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://stackpath.bootstrapcdn.com http://v2.zopim.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com https://vimeo.com https://www.dailymotion.com https://www.google.com https://www.pinterest.fr https://www.pinterest.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.google.com https://www.google.fr https://fonts.gstatic.com https://www.googletagmanager.com https://www.facebook.com https://ct.pinterest.com https://v2.zopim.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com http://www.googletagmanager.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.fr http://v2.zopim.com https://static.zdassets.com https://s.pinimg.com wss://widget-mediator.zopim.com https://maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://stackpath.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://www.google-analytics.com https://www.facebook.com https://static.zdassets.com https://ekr.zdassets.com https://ct.pinterest.com wss://widget-mediator.zopim.com https://maps.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.webwinkelkeur.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com js.mollie.com *.sendcloud.sc *.jsdelivr.net *.webwinkelkeur.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://www.mollie.com *.amazonaws.com *.clarity.ms *.linkedin.com rvsland.hypernode.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.mollie.com *.sendcloud.sc *.jsdelivr.net  https://magento.com *.cookiebot.com *.clarity.ms *.cookiefirst.com *.licdn.com *.googleoptimize.com *.webwinkelkeur.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.sendcloud.sc *.jsdelivr.net *.cookiefirst.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com www.googleapis.com *.clarity.ms *.googleapis.com *.google.com *.cookiebot.com *.cookiefirst.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.alothemes.com *.magepow.com https://fonts.gstatic.com 'self' data: *.google.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.correios.com.br *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp *.alothemes.com *.magepow.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com cdn.mundipagg.com api.pagar.me *.gstatic.com *.facebook.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io *.alothemes.com *.magepow.com http://viacep.com.br https://player.vimeo.com https://www.youtube.com 3ds2.pagar.me 3ds2-sdx.pagar.me *.google.com *.facebook.net maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.alothemes.com *.magepow.com https://fonts.googleapis.com http://fonts.googleapis.com *.googleapis.com *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com https://ws.correios.com.br https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br *.google.com google.com pay.sandbox.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=3100aeff-75ce-41ba-bc94-faf788b45089; report-to csp-endpoint; frame-ancestors 'none' 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=e8ea9bfc-4519-4568-9178-4ae3ba21f496; report-to csp-endpoint; frame-ancestors 'none' 1
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.gstatic.com 'self' data: https://surveys-static.survicate.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.mercadolibre.com connect.facebook.net graph.facebook.com business.facebook.com mldp.mercadopago.com www.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar connect.facebook.net graph.facebook.com business.facebook.com 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com https://agentcore.s3.amazonaws.com https://www.google.com.ar https://c.clarity.ms https://c.bing.com https://www.mercadolivre.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net use.typekit.net commerce.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.mlstatic.com www.facebook.com graph.facebook.com business.facebook.com https://www.google.com.ar *.gstatic.com http2.mlstatic.com secure.mlstatic.com https://maps.googleapis.com https://cdn.agentbot.net https://agentcore.s3.amazonaws.com https://www.googleoptimize.com https://www.clarity.ms https://survey.survicate.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.fontawesome.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://agentcore.s3.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com performance.typekit.net commerce.adobe.net api.comapi.com bam.nr-data.net *.mercadopago.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com https://stats.g.doubleclick.net https://adapter.aivo.co https://i.clarity.ms https://f.clarity.ms https://www.mercadopago.com.mx https://maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://meetanshi.com/media/logo.png flagpedia.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/ https://cdnjs.cloudflare.com/ajax/libs/ *.gstatic.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.gstatic.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.2wheelshop.eu https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com maps.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.google.com widget.freshworks.com m2epro.freshdesk.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io maps.googleapis.com www.gstatic.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.fontawesome.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com www.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com stats.g.doubleclick.net widget.freshworks.com m2epro.freshdesk.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.facebook.net *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net https://*.bootstrapcdn.com *.fontawesome.com *.alothemes.com *.magepow.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.klarna.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://greencut-tools.com https://*.greencut-tools.com https://fitfiu-fitness.com https://*.fitfiu-fitness.com https://mc-haus.com https://*.mc-haus.com https://beeloomkids.com https://*.beeloomkids.com https://playkinkids.com https://*.playkinkids.com https://beselfbrands.com https://*.beselfbrands.com https://*.googlesyndication.com https://*.usercentrics.eu https://*.facebook.com https://*.google.com https://*.google.es https://*.google.fr https://*.google.it https://*.google.de *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.redsys.es http://*.redsys.es *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com webappanalyzer.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://*.facebook.net https://*.usercentrics.eu https://*.hotjar.com https://capturly.com https://*.capturly.com https://*.tiktok.com https://*.tailwindcss.com *.avada.io *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net https://*.bootstrapcdn.com *.fontawesome.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net webappanalyzer.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.googlesyndication.com https://googleads.g.doubleclick.net https://*.usercentrics.eu https://capturly.com https://*.capturly.com https://*.tiktok.com https://*.hotjar.io wss://ws.hotjar.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consentcdn.cookiebot.com region1.analytics.google.com asset.productmarketingcloud.com region1.google-analytics.com imgsct.cookiebot.com *.gstatic.com www.google-analytics.com v2assets.zopim.io *.zopim.com *.zendesk.com consent.cookiebot.com *.facebook.com ekr.zdassets.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' Gringamx.com *.Gringamx.com Gringamx.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net *.traycheckout.com.br k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br *.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.facebook.net *.googleadservices.com googleadservices.com dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.braintree-api.com *.*.braintree-api.com *.braintreegateway.com *.*.braintreegateway.com *.pagseguro.com.br *.*.pagseguro.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.Gringamx.com Gringamx.com; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.mastercard.com *.gateway.mastercard.com *.klaviyo.com *.google-analytics.com *.google.com *.google.com.lb *.livechatinc.com *.gstatic.com *.googleapis.com *.facebook.net *.facebook.com *.twitter.com *.usercentrics.eu *.doubleclick.net *.newrelic.com *.nr-data.net *.fontawesome.com *.gs.com.lb *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.mastercard.com *.gateway.mastercard.com *.klaviyo.com *.google-analytics.com *.google.com *.google.com.lb *.livechatinc.com *.facebook.net *.facebook.com *.twitter.com *.usercentrics.eu *.doubleclick.net *.newrelic.com *.nr-data.net *.fontawesome.com *.gs.com.lb https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.mastercard.com *.gateway.mastercard.com *.klaviyo.com *.google-analytics.com *.google.com *.google.com.lb *.livechatinc.com *.facebook.net *.facebook.com *.twitter.com *.usercentrics.eu *.doubleclick.net *.fontawesome.com *.gs.com.lb https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net unsafe-inline assets.braintreegateway.com *.mastercard.com *.gateway.mastercard.com *.klaviyo.com *.google-analytics.com *.google.com *.google.com.lb *.livechatinc.com *.gstatic.com *.googleapis.com *.facebook.net *.facebook.com *.twitter.com *.usercentrics.eu *.doubleclick.net *.newrelic.com *.nr-data.net *.fontawesome.com *.gs.com.lb https://static.klaviyo.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; manifest-src plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.mastercard.com *.gateway.mastercard.com *.klaviyo.com *.google-analytics.com *.google.com.lb *.livechatinc.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.usercentrics.eu *.doubleclick.net *.fontawesome.com *.gs.com.lb https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.mastercard.com *.gateway.mastercard.com *.klaviyo.com *.google-analytics.com *.google.com *.google.com.lb *.livechatinc.com *.gstatic.com *.googleapis.com *.facebook.net *.facebook.com *.twitter.com *.usercentrics.eu *.doubleclick.net *.newrelic.com *.nr-data.net *.fontawesome.com *.gs.com.lb 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://use.typekit.net *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.svea.com https://*.vipps.no https://*.trustly.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.trustpilot.com www.paypalobjects.com google-analytics.com vimeo.com *.yotpo.com *.googleapis.com https://use.typekit.net/* *.cookiebot.com/ *.fontawesome.com htps://fonts.gstatic.com *.weltpixel.com https://*.svea.com *.swiipe.com *.paymentiq.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * checkoutapistage.svea.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.clerk.io *.google.com *.swiipe.com maps.gstatic.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ https://meetanshi.com/media/logo.png flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bing.com *.clarity.ms *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com/ *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://api.clerk.io https://cdn.clerk.io *.api.unifaun.com cdn.clerk.io api.clerk.io widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js v2.zopim.com *.gstatic.com chimpstatic.com static.zdassets.com *.newrelic.com bam.eu01.nr-data.net *.cookiebot.com/ s7.addthis.com https://*.svea.com *.swiipe.com maps.googleapis.com https://api.unifaun.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkoutapistage.svea.com *.bing.com *.clarity.ms https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io *.googleapis.com *.yotpo.com https://use.typekit.net cdn.dnky.com https://p.typekit.net *.fontawesome.com *.swiipe.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.swiipe.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com gymkompaniet.zendesk.com https://ekr.zdassets.com widget-mediator.zopim.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://stats.g.doubleclick.net www.youtube.com bam.eu01.nr-data.net  dpm.demdex.net ekr.zdassets.com/ *.swiipe.com maps.googleapis.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.clarity.ms *.bing.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com fonts.googleapis.com *.hotjar.com *.zopim.com data: maxcdn.bootstrapcdn.com https://widgets.trustedshops.com www.hard-wear.nl www.hard-wear.com www.hard-wear.fr data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com www.hard-wear.nl www.hard-wear.com www.hard-wear.fr 'self' 'unsafe-inline'; frame-ancestors www.hard-wear.nl www.hard-wear.com www.hard-wear.fr 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com cdn.dnky.co *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com www.googletagmanager.com js.mollie.com *.sendcloud.sc *.jsdelivr.net www.hard-wear.nl www.hard-wear.com www.hard-wear.fr 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://images.unsplash.com *.googleadservices.com *.google-analytics.com https://maps.gstatic.com https://www.mollie.com *.amazonaws.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.hard-wear.nl www.hard-wear.com www.hard-wear.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.paypal.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com connect.facebook.net *.avada.io https://maps.googleapis.com js.mollie.com *.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.hard-wear.nl www.hard-wear.com www.hard-wear.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.hard-wear.nl www.hard-wear.com www.hard-wear.fr 'self' 'unsafe-inline'; object-src www.hard-wear.nl www.hard-wear.com www.hard-wear.fr 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.hard-wear.nl www.hard-wear.com www.hard-wear.fr 'self' 'unsafe-inline'; manifest-src www.hard-wear.nl www.hard-wear.com www.hard-wear.fr 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com *.analytics.google.com *.googletagmanager.com https://get.geojs.io *.avada.io https://maps.googleapis.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site www.hard-wear.nl www.hard-wear.com www.hard-wear.fr 'self' 'unsafe-inline'; child-src www.hard-wear.nl www.hard-wear.com www.hard-wear.fr http: https: blob: 'self' 'unsafe-inline'; default-src www.hard-wear.nl www.hard-wear.com www.hard-wear.fr 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.hard-wear.nl www.hard-wear.com www.hard-wear.fr 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ad.presco.asia aigent2.silveregg.net ajax.googleapis.com apis.google.com assets.adobedtm.com b92.yahoo.co.jp b97.yahoo.co.jp cdn.kaizenplatform.net cdnjs.cloudflare.com cdnpc.hatarakunavi.net cdnsp.hatarakunavi.net code.usergram.info connect.facebook.net d.line-scdn.net googleads.g.doubleclick.net h.accesstrade.net harpoon3.userdive.com maps-api-ssl.google.com maps.googleapis.com media.line.me munchkin.marketo.net platform.twitter.com s.yimg.jp s.yjtag.jp social-plugins.line.me ssl.google-analytics.com sslwidget.criteo.com static.criteo.net static.karte.io support-widget.nakanohito.jp sync-tag.karte.io www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.line-website.com www.youtube.com yjtag.yahoo.co.jp am.yahoo.co.jp b99.yahoo.co.jp dmp.im-apps.net score.im-apps.net sync.im-apps.net bs.karte.io bypass.ad-stir.com af.tosho-trading.co.jp bs.ad-stir.com tpc.googlesyndication.com cdnsp.hatarakunavi.net b98.yahoo.co.jp cdnpc.hatarakunavi.net am.yahoo.co.jp b99.yahoo.co.jp developers.line.biz dmp.im-apps.net score.im-apps.net sync.im-apps.net bs.karte.io cdn-edge.karte.io bypass.ad-stir.com b98.yahoo.co.jp  www.clarity.ms am.yahoo.co.jp b99.yahoo.co.jp bypass.ad-stir.com dmp.im-apps.net score.im-apps.net sync.im-apps.net www.clarity.ms  code.jquery.com assets.backlog.jp b91.yahoo.co.jp gc.kis.v2.scr.kaspersky-labs.com cdn-edge.karte.io b.karte.io developers.line.biz ; report-uri /php/csp_report.php; 1
font-src *.fontawesome.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.addtoany.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://dpm.demdex.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net *.fontawesome.com fonts.gstatic.com fonts.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de sandbox.przelewy24.pl secure.przelewy24.pl *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ pay.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl www.gstatic.com gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://www.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com *.alothemes.com *.magepow.com *.adobe.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://meetanshi.com/media/logo.png *.addthisedge.com *.alothemes.com *.magepow.com *.facebook.net *.fontawesome.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com gateway.payulatam.com sandbox.api.payulatam.com maf.pagosonline.net devicefingerprinting.fraudvault.com *.facebook.com graph.facebook.com business.facebook.com s7.addthis.com *.facebook.net *.twitter.com *.avada.io *.alothemes.com *.magepow.com *.fontawesome.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com *.alothemes.com *.magepow.com *.facebook.com *.facebook.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com maf.pagosonline.net devicefingerprinting.fraudvault.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.adobe.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src portal.bulkgate.com *.gstatic.com *.boxnow.gr *.fontawesome.com v2.zopim.com 'unsafe-inline' data: fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net portal.bulkgate.com *.boxnow.gr *.nbg.gr www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com portal.bulkgate.com *.boxnow.gr *.everypay.gr *.mastercard.com *.nbg.gr 'unsafe-inline' data: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com analytics.skroutz.gr skroutza.skroutz.gr go.linkwi.se www.pinterest.com gr.pinterest.com tpc.googlesyndication.com *.facebook.com *.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com portal.bulkgate.com *.boxnow.gr www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ping.contactpigeon.com www.google-analytics.com www.google.com www.google.gr v2.zopim.com googleads.g.doubleclick.net linkedin.com google-analytics.com analytics.skroutz.gr skroutza.skroutz.gr www.googletagmanager.com ct.pinterest.com *.glamipixel.com glamipixel.com *.glami.gr data: *.gstatic.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com portal.bulkgate.com *.gstatic.com *.boxnow.gr www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ping.contactpigeon.com *.avada.io go.linkwi.se analytics.skroutz.gr *.skroutz.gr www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net v2.zopim.com www.gstatic.com static.zdassets.com www.google.com https://js.everypay.gr 'self' data: *.zopim.com s.pinimg.com analytics.tiktok.com tpc.googlesyndication.com www.contactpigeon.com *.glamipixel.com glamipixel.com *.glami.gr ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com portal.bulkgate.com *.gstatic.com *.boxnow.gr ping.contactpigeon.com *.fontawesome.com www.googletagmanager.com www.contactpigeon.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src portal.bulkgate.com *.gstatic.com *.boxnow.gr www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ping.contactpigeon.com 'unsafe-inline' data: 'unsafe-inline' wss: analytics.google.com stats.g.doubleclick.net 'unsafe-inline' ekr.zdassets.com 'unsafe-inline' maps.googleapis.com gtmss.izyshoes.gr ct.pinterest.com analytics.tiktok.com 'unsafe-inline' ekr.zendesk.com region1.analytics.google.com socialplugin.facebook.net *.facebook.com web.facebook.com *.contactpigeon.com *.googlesyndication.com www.google.com googleads.g.doubleclick.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.contactpigeon.com 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.sagepay.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com secure.payu.com merch-prod.snd.payu.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es static.payu.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com https://player.vimeo.com https://www.youtube.com secure.payu.com secure.snd.payu.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com http://fonts.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.sagepay.com https://fonts.googleapis.com https://fonts.gstatic.com secure.payu.com merch-prod.snd.payu.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com ekr.zdassets.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com *.googleapis.com *.gstatic.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://webpay3gint.transbank.cl 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://www.google.com http://www.google.com https://www.facebook.com https://web.facebook.com https://bid.g.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com https://www.facebook.com https://www.google.com https://www.google.cl https://maps.gstatic.com https://maps.googleapis.com https://cdn.pushcrew.com https://dev.visualwebsiteoptimizer.com https://googleads.g.doubleclick.net https://pushcrew.com *.alothemes.com *.magepow.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.apptrian.com https://www.google.cl https://cdn.pushcrew.com https://dev.visualwebsiteoptimizer.com https://fonts.googleapis.com https://maps.googleapis.com https://www.googletagmanager.com *.gstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net http://www.google.com https://tracking.krip.cl https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.fitit.ai *.googleapis.com *.google.com *.fontawesome.com *.alothemes.com *.magepow.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://fonts.googleapis.com https://cdn.pushcrew.com https://dev.visualwebsiteoptimizer.com https://cdn.fitit.ai *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.alothemes.com *.magepow.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com www.apptrian.com https://stats.g.doubleclick.net https://www.google-analytics.com https://bam.nr-data.net https://www.facebook.com https://api.bciplus.cl https://maps.googleapis.com https://pushcrew.com https://firebase.googleapis.com https://firebaseremoteconfig.googleapis.com https://us-central1-fitit-a5bde.cloudfunctions.net https://firebaselogging-pa.googleapis.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.alothemes.com *.magepow.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.searchanise.com *.searchserverapi.com fonts.gstatic.com v2.zopim.com embed.tawk.to *.commerce-connector.com *.flixcar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sameday.ro c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.weltpixel.com *.2performant.com *.doubleclick.net *.pinterest.com *.force.com *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com cdn.kfea.ro shopmania.ro *.openstreetmap.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.gstatic.com v2assets.zopim.io *.google.ro *.facebook.com *.widgetwhats.com tawk.link compari.ro ct.pinterest.com *.flix360.com *.flixcar.com *.flix360.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sameday.ro unpkg.com/map-fanbox-points@0.0.5/umd/map-fanbox-points.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com https://www.googletagmanager.com tagmanager.google.com *.zdassets.com v2.zopim.com *.facebook.net *.facebook.com attr-2p.com *.widgetwhats.com chimpstatic.com embed.tawk.to *.jsdelivr.net *.hotjar.com *.arukereso.com gstatic.com *.clarity.ms *.themarketer.com *.pinimg.com *.pinterest.com *.enzuzo.com cdn-cookieyes.com *.googlesyndication.com *.commerce-connector.com *.force.com *.salesforceliveagent.com aqurate.ai *.flixcar.com *.flix360.io *.flixfacts.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sameday.ro unsafe-inline www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com tagmanager.google.com *.googleapis.com 'self' data: *.widgetwhats.com embed.tawk.to *.googletagmanager.com tpc.googlesyndication.com *.cloudfront.net *.commerce-connector.com *.force.com *.popupsmart.com *.flixcar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.fancourier.ro api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com api.amplitude.com stats.g.doubleclick.net https://www.google-analytics.com ekr.zdassets.com wss://widget-mediator.zopim.com pagead2.googlesyndication.com *.google.com *.google.ro googleads.g.doubleclick.net region1.analytics.google.com *.2performant.com *.widgetwhats.com zdata-ro-bellabike.s3.eu-west-1.amazonaws.com *.tawk.to kfea.zendesk.com api.edrone.me *.themarketer.com *.pinterest.com *.clarity.ms *.commerce-connector.com *.facebook.com *.hotjar.com *.hotjar.io *.google-analytics.com *.sharethis.com *.enzuzo.com *.flixcar.com region1.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src widget-mediator.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.youtube.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.tawk.to data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com tagmanager.google.com https://www.googletagmanager.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.tawk.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline assets.braintreegateway.com *.tawk.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.ampproject.org https://www.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com use.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://h.online-metrix.net magento-cloudflare.jetrails.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.getbeamer.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.getbeamer.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googletagmanager.com *.facebook.net *.getbeamer.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.fontawesome.com unsafe-inline use.fontawesome.com *.getbeamer.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.getbeamer.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.feedaty.com *.zopim.com fonts.gstatic.com data: static.criteo.net *.fontawesome.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.criteo.com *.criteo.net *.hotjar.com *.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://cdn.clerk.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.google.com *.google.it *.zopim.com *.clerk.io *.advertising.com *.doubleclick.net *.openx.net *.rubiconproject.com *.yahoo.com *.smaato.net *.yieldmo.com *.tapad.com *.addthis.com *.outbrain.com *.criteo.com *.criteo.net *.adnxs.com *.adtpd.com *.tpmn.co.kr *.socdm.com *.adingo.jp *.revcontent.com *.kargo.com *.3lift.com *.media.net *.rlcdn.com *.turn.com *.smartadserver.com *.mediawallahscript.com *.360yield.com *.pubmatic.com *.casalemedia.com *.taboola.com *.adform.net *.teads.tv *.bidswitch.net *.dable.io *.sharethrough.com *.liadm.com *.postrelease.com *.mgid.com *.nate.com *.yandex.ru *.rambler.ru *.meba.kr *.admixer.co.kr id5-sync.com *.mail.ru *.adscale.de *.aralego.com *.tremorhub.com *.omnitagjs.com trusted.ro *.kvstore.it *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://api.clerk.io https://cdn.clerk.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.zoorate.com *.iubenda.com *.soisy.it *.criteo.com static.criteo.net *.doubleclick.net *.hotjar.com *.zopim.com *.zdassets.com *.clerk.io partner-events.favicdn.net *.google.com *.gstatic.com *.avada.io https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://api.clerk.io https://cdn.clerk.io cdn.dnky.co webchat.dotdigital.com *.feedaty.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.criteo.net *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.soisy.it *.google.com *.google-analytics.com *.hotjar.com vc.hotjar.io/ *.zdassets.com *.zopim.com *.iubenda.com *.doubleclick.net *.criteo.com *.criteo.net wss://*.zopim.com/ wss://*.hotjar.com/ partner-events.favicdn.net partner-events.favi.sk partner-events.favi.cz partner-events.favi.ro *.googlesyndication.com *.zendesk.com https://get.geojs.io *.avada.io www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com http://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.google.com https://www.google.es https://widgets.sociablekit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.doofinder.com https://eu1-search.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://widgets.sociablekit.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com http://fonts.googleapis.com https://widgets.sociablekit.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://eu1-search.doofinder.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-ancestors unsafe-inline 'self'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ stats.g.doubleclick.net dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences wheelioapp.azureedge.net dealioappstorage.blob.core.windows.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com wheelioapp.azureedge.net *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com static.klaviyo.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com static.klaviyo.com static.klaviyo.com/ cdnjs.cloudflare.com/ dashboard.wheelio-app.com/api/wheelioapp/ www.wheelioapp.azureedge.net/app/ www.wheeliofuncstats.azurewebsites.net/api/ www.wheeliofuncstats.azurewebsites.net www.wheeliofuncstats.azurewebsites.net/ wheelioapp.azureedge.net/app/ wheeliofuncstats.azurewebsites.net/api/ assets.adobedtm.com *.adobe.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com www.apptrian.com www.facebook.com graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.userway.org sibforms.com *.sendinblue.com *.iubenda.com *.googleapis.com *.bootstrapcdn.com *.cookiebot.com *.teads.tv maxcdn.bootstrapcdn.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com *.doubleclick.net *.facebook.com *.userway.org *.googleapis.com *.smooch.io *.pinterest.com *.pinimg.com *.bing.com *.google.it *.google.fr sibautomation.com *.rfihub.net *.amazon-adsystem.com *.cookiebot.com *.teads.tv 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.feedaty.com *.google.it *.fbcdn.net *.zendesk.com *.userway.org sibforms.com *.sendinblue.com *.iubenda.com *.googleapis.com *.smooch.io *.youtube.com *.pinterest.com *.pinimg.com *.bing.com *.google.fr *.teads.tv *.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.feedaty.com *.zdassets.com *.zendesk.com *.userway.org sibforms.com *.sendinblue.com *.iubenda.com *.googleapis.com *.smooch.io *.youtube.com *.pinterest.com *.pinimg.com *.bing.com *.google.it *.google.fr *.hotjar.com sibautomation.com *.rfihub.net *.teads.tv *.cookiebot.com *.avada.io https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.feedaty.com *.iubenda.com *.zendesk.com *.userway.org sibforms.com *.sendinblue.com *.smooch.io *.pinterest.com *.pinimg.com *.bing.com *.google.it *.google.fr *.bootstrapcdn.com *.cloudflare.com *.cookiebot.com *.teads.tv maxcdn.bootstrapcdn.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.zendesk.com *.userway.org sibforms.com *.sendinblue.com *.iubenda.com *.googleapis.com *.smooch.io *.youtube.com *.pinterest.com *.pinimg.com *.bing.com *.google.it *.google.fr *.doubleclick.net *.hotjar.com *.brevo.com *.teads.tv *.cookiebot.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=9ccbdb35-78cd-469d-8271-c6fabcbfc76b; report-to csp-endpoint; frame-ancestors 'none' 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.youtube.com/ *.facebook.net *.facebook.com https://ipgtest.monri.com/ https://ipg.monri.com/ landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.googleapis.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.googletagmanager.com *.facebook.net *.facebook.com https://ipgtest.monri.com/ https://ipg.monri.com/ landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org *.facebook.net *.facebook.com landofcoder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com api.razorpay.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de cdn.razorpay.com *.gstatic.com *.cdninstagram.com *.fbcdn.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com https://www.gstatic.com s7.addthis.com *.avada.io checkout.razorpay.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de ekr.zdassets.com/ lumberjack.razorpay.com lumberjack-metrics.razorpay.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src d.digsgogo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' use.typekit.net optimize.google.com *.googleapis.com cdnjs.cloudflare.com tagmanager.google.com *.googletagmanager.com config1.veinteractive.com veinteractive.com cookiehub.net use.fontawesome.com *.cookiehub.eu; img-src 'self' *.google-analytics.com *.analytics.google.com *.facebook.com data: *.doubleclick.net *.gstatic.com *.tiktok.com *.google.com *.google.be *.google.nl *.google.pl *.google.de *.google.es *.google.fr *.googletagmanager.com *.paypal.com *.convious.lt *.convious-app.com *.amazonaws.com *.tradetracker.net *.mollie.com *.majalandwarsaw.pl *.majalandkownaty.pl; font-src 'self' *.typekit.net fonts.gstatic.com use.fontawesome.com data: *.convious.lt; connect-src 'self' *.google-analytics.com *.analytics.google.com *.doubleclick.net *.tiktok.com *.convious.com *.convious-app.com *.sentry.io wss://*.convious-app.com *.facebook.com *.paypal.com *.cookiehub.net *.tradetracker.net *.plopsa.com *.google.com *.googlesyndication.com; report-uri /report-csp-violation 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.mattca.ro *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com/ *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com *.innoship.ro https://www.google.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.tile.openstreetmap.org *.openstreetmap.org *.mattca.ro *.google.com/ads/ *.google.ro *.google.ro/ads/ *.trusted.ro/ trusted.ro/ *.profitshare.ro *.omtrdc.net *.salofarm.ro maps.googleapis.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googleapis.com *.avada.io *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jivosite.com *.profitshare.ro profitshare.ro *.7w.ro *.aptrinsic.com *.mattca.ro maps.googleapis.com widget.trusted.ro *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.google.com *.jivosite.com *.aptrinsic.com *.mattca.ro *.salofarm.ro *.stormers.ro *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.jivosite.com *.mattca.ro 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://stats.g.doubleclick.net/ *.jivosite.com *.7w.ro *.aptrinsic.com maps.googleapis.com socialplugin.facebook.net salofarm.ro wss://chat-eu1-4.jivosite.com *.mattca.ro *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.apptrian.com facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com t.themarketer.com cdn1.themarketer.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; default-src https://www.epay.bg https://online.epay.bg *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; img-src https://www.google.bg/pagead/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com t.themarketer.com cdn1.themarketer.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.facebook.com data: 'self' 'unsafe-inline'; connect-src https://ekr.zdassets.com/ https://dimitarstoichkov.zendesk.com/ wss://widget-mediator.zopim.com/ https://googleads.g.doubleclick.net/ dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com https://get.geojs.io *.avada.io t.themarketer.com cdn1.themarketer.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; script-src https://v2.zopim.com/ https://static.zdassets.com/ https://www.epay.bg https://online.epay.bg assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com *.avada.io t.themarketer.com cdn1.themarketer.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
object-src 'none';base-uri 'self';script-src 'nonce-XsWiRASI20zIS_gE7mmyxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ js.mollie.com www.youtube.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://www.magezon.com https://www.mollie.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ js.mollie.com www.youtube.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de cdn.plyr.io noembed.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.googletagmanager.com https://player.vimeo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://player.vimeo.com https://www.youtube.com www.gstatic.com *.google.com *.google.fr *.google.ie googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com d1rsoc1eahlexs.cloudfront.net d36e13cow4bt8n.cloudfront.net *.solutenetwork.com *.ladenzeile.de *.criteo.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.solutenetwork.com *.ladenzeile.de *.criteo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.youtube-nocookie.com www.youtube.com www.facebook.com *.criteo.com secure.pay1.de www.google.com *.tiktok.com *.google.com *.doubleclick.net *.pinterest.com *.pinimg.com *.solutenetwork.com *.ladenzeile.de sibautomation.com *.addthis.com payments.amazon.de jsctool.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com bat.bing.com *.google-analytics.com stats.g.doubleclick.net www.google.de widgets.trustedshops.com www.facebook.com d1rsoc1eahlexs.cloudfront.net d36e13cow4bt8n.cloudfront.net zaunplaner.meingartenversand.de assets.zaunplaner.meingartenversand.de assets.zaunplaner-staging.meingartenversand.de zaunplaner-staging.meingartenversand.de *.tiktok.com *.google.com *.doubleclick.net *.pinterest.com *.pinimg.com *.solutenetwork.com *.ladenzeile.de *.criteo.com x.bidswitch.net ib.adnxs.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com hb.yahoo.net cm.adform.net r.casalemedia.com id5-sync.com sync.outbrain.com a.twiago.com ad.yieldlab.net e1.emxdgt.com dpm.demdex.net beacon.krxd.net sync-criteo.ads.yieldmo.com criteo-partners.tremorhub.com match.sharethrough.com simage2.pubmatic.com exchange.mediavine.com jadserve.postrelease.com matching.ivitrack.com ad.360yield.com visitor.omnitagjs.com criteo-sync.teads.tv pixel.rubiconproject.com contextual.media.net *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.cdninstagram.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.google-analytics.com www.gstatic.com static.criteo.net sslwidget.criteo.com content.cptrack.de sale.cptrack.de connect.facebook.net secure.pay1.de cdn.klarna.com widgets.trustedshops.com bat.bing.com d1rsoc1eahlexs.cloudfront.net d36e13cow4bt8n.cloudfront.net zaunplaner.meingartenversand.de zaunplaner-staging.meingartenversand.de *.preview.zaunplaner.meingartenversand.de consent.cookiefirst.com *.pinterest.com *.tiktok.com *.google.com *.doubleclick.net *.pinimg.com *.solutenetwork.com *.ladenzeile.de *.criteo.com *.sibautomation.com sibautomation.com sibautomation.com/sa.js *.smooch.io static.zdassets.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net jsctool.com d.payla.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com d1rsoc1eahlexs.cloudfront.net d36e13cow4bt8n.cloudfront.net zaunplaner.meingartenversand.de zaunplaner-staging.meingartenversand.de consent.cookiefirst.com *.solutenetwork.com *.ladenzeile.de *.criteo.com *.googleapis.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src d1rsoc1eahlexs.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.google-analytics.com stats.g.doubleclick.net shops-si.trustedshops.com api.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com d1rsoc1eahlexs.cloudfront.net d36e13cow4bt8n.cloudfront.net api.zaunplaner.meingartenversand.de api.zaunplaner-staging.meingartenversand.de static.cookiefirst.com consent.cookiefirst.com *.tiktok.com *.google.com *.doubleclick.net *.pinterest.com *.pinimg.com *.solutenetwork.com *.ladenzeile.de *.criteo.com ekr.zdassets.com in-automate.brevo.com edge.cookiefirst.com jukom.zendesk.com wss://api.eu-1.smooch.io *.facebook.com sibautomation.com region1.google-analytics.com pagead2.googlesyndication.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com payments.amazon.de d.ratepay.com jsctool.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-4cfecb7d4f3549e4aa996eeb70ed7085' https://MeinLUKS.ch 'self';img-src https://* 'self' blob: data:;style-src https://MeinLUKS.ch 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.gstatic.com data: cdn.jsdelivr.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.googleapis.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com s7.addthis.com *.google.com *.gstatic.com https://cdnjs.cloudflare.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.getalma.eu facebook.com www.facebook.com connect.facebook.net graph.facebook.com ekr.zdassets.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com *.facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net www.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com 'self' data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://www.gstatic.com 'self' data: https://code.highcharts.com *.avada.io *.google.com/ *.freshworks.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://www.gstatic.com 'self' data: https://fonts.googleapis.com *.fontawesome.com *.freshworks.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://fcm.googleapis.com 'self' data: https://get.geojs.io *.avada.io *.freshworks.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com www.mijnmodewereld.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.mijnmodewereld.nl 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com www.mijnmodewereld.nl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.inmotiv.nl *.pinterest.com *.vimeo.com www.facebook.com platform.twitter.com *.multisafepay.com https://pay.google.com www.mijnmodewereld.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.nl *.klarna.com *.paypal.com *.pinterest.com *.ytimg.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.multisafepay.com *.koongo.com www.mijnmodewereld.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.doubleclick.net *.fontawesome.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.plannen.nl *.pinimg.com requirejs.org *.avada.io connect.facebook.net twitter.com platform.twitter.com *.multisafepay.com https://pay.google.com www.mijnmodewereld.nl https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com downloads.mailchimp.com *.cloudflare.com *.fontawesome.com *.gstatic.com *.plannen.nl maxcdn.bootstrapcdn.com *.multisafepay.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css www.mijnmodewereld.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.mijnmodewereld.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com *.cloudflare.com *.doubleclick.net *.facebook.com *.google.com *.google.nl *.googleapis.com *.google-analytics.com *.googlesyndication.com *.paypal.com *.pinterest.com requirejs.org https://get.geojs.io *.avada.io *.multisafepay.com *.koongo.com www.mijnmodewereld.nl 'self' 'unsafe-inline'; child-src www.mijnmodewereld.nl http: https: blob: 'self' 'unsafe-inline'; default-src www.mijnmodewereld.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.mijnmodewereld.nl/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-dJKk2z6MNGd8uqRKtaF0kg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://*.minecraft.jp; script-src 'self' 'unsafe-inline' 'nonce-aPFcySEequF1gnxKpqXekg' 'report-sample' https://*.minecraft.jp https://ajax.googleapis.com https://apis.google.com https://connect.facebook.net https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.minecraft.jp; img-src 'self' data: https://*.minecraft.jp https://*.gstatic.com https://www.facebook.com; font-src 'self' data:; frame-src https://*.facebook.com https://*.twitter.com; report-uri https://report-uri.appspot.com/987875600540635136?ro=1 1
font-src fonts.gstatic.com *.gstatic.com data: fonts.googleapis.com *.fontawesome.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webpay3g.transbank.cl webpay3gint.transbank.cl *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.avada.io *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://live.decidir.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://developers.decidir.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.googleapis.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.google.com *.doubleclick.net *.facebook.com magento-cloudflare.jetrails.com *.klarna.com *.zendesk.com *.zdassets.com *.zopim.com *.trustpilot.com *.hotjar.com https://*.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net *.adyen.com https://www.google.com *.google.bg https://www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.bird.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.ytimg.com *.klarna.com *.klarnaevt.com *.zendesk.com *.zdassets.com *.zopim.com https://bat.bing.com/ https://*.cookiefirst.com/ *.googleadservices.com *.google-analytics.com https://googleads.g.doubleclick.net https://www.google.se *.paypal.com *.paypalobjects.com https://mcusercontent.com https://js.klevu.com https://*.mgr.consensu.org https://cdn.consentmanager.net https://cx.atdmt.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.adyen.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.zendesk.com *.zdassets.com *.zopim.com https://bat.bing.com/ *.clarity.ms https://consent.cookiefirst.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://connect.facebook.net/ *.trustpilot.com *.klarnacdn.net https://js.klevu.com https://downloads.mailchimp.com *.hotjar.com *.hotjar.io *.gtm.adt313.net https://checkoutshopper-test.adyen.com https://*.mgr.consensu.org https://*.cloudflareinsights.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.fontawesome.com *.zendesk.com *.zdassets.com *.zopim.com https://consent.cookiefirst.com/ *.fonts.googleapis.com https://downloads.mailchimp.com https://js.klevu.com https://*.mgr.consensu.org unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.klarnaevt.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.clarity.ms/ https://bat.bing.com/ https://*.cookiefirst.com/ *.paypal.com *.cardinalcommerce.com *.stripe.com *.klarna.com *.klarnacdn.net *.addwish.com *.doubleclick.net *.hotjar.com https://*.mgr.consensu.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://touchcastmaas.com https://touchcastmaas.dev https://touchcastmaasstage.com https://touchcast.com https://touchcast.io https://touchcaststage.com https://www.fiat.it https://metaversecdn-dev.azureedge.net https://metaversecdn-stage.azureedge.net https://metaversecdn-prod.azureedge.net https://ic3.events.data.microsoft.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.gigya.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.gigya.com 'self' data: 'unsafe-inline' data: https://pixel.quantserve.com https://www.google.it https://www.facebook.com https://p1.zemanta.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com https://cdn.gigya-ext.com https://cdn-eu.dynamicyield.com https://*.cloudfront.net https://cookielaw.emea.fcagroup.com https://*.facebook.com/ https://ad.doubleclick.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com 'unsafe-inline' data: *.fontawesome.com https://cookielaw.emea.fcagroup.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com thm.visa.com https://async-px-eu.dynamicyield.com https://dbomopar.fcagroup.it https://login-stage.stellantis.com https://login-stage.moparstore.it https://lm.serving-sys.com https://secure-ds.serving-sys.com https://googleads.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://use.typekit.net https://kit-pro.fontawesome.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net *.sharethis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.sharethis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://kit.fontawesome.com www.gstatic.com *.googleapis.com *.fontawesome.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.sharethis.com fonts.googleapis.com downloads.mailchimp.com maxcdn.bootstrapcdn.com fonts.gstatic.com unsafe-inline assets.braintreegateway.com https://p.typekit.net https://use.typekit.net https://kit-pro.fontawesome.com/ *.googleapis.com *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com *.sharethis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=85e03234-ab36-47d1-9494-608216e54ecd; report-to csp-endpoint; frame-ancestors 'none' 1
connect-src 'self' https://www.motonet.se https://*.adyen.com/checkoutshopper/ https://graphql.datocms.com https://*.doubleclick.net https://www.instagram.com https://*.broman.group https://*.litix.io https://vimeo.com https://*.klarna.com https://*.klarnaevt.com/v1/ https://api.postmarkapp.com https://www.youtube.com https://api.videoly.co https://js.testfreaks.com https://api.testfreaks.com https://reviews.testfreaks.com https://policy.app.cookieinformation.com https://consent.app.cookieinformation.com/api/consent https://api.custobar.com/js/v1/custobar.js https://*.google-analytics.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://*.googlesyndication.com https://*.adform.net https://*.creativecdn.com https://connect.facebook.net https://rum.browser-intake-datadoghq.eu/api/v2/rum https://session-replay.browser-intake-datadoghq.eu/api/v2/replay https://cdn.broman.group https://*.adyen.com/checkoutshopper/ https://eu.playground.klarnaevt.com https://i.ytimg.com https://www.datocms-assets.com https://stagingaksapimanagementbroman.azure-api.net https://testapimanagementbroman.azure-api.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com https://*.mux.com https://*.vimeocdn.com https://dapi.videoly.co https://*.facebook.com https://*.seadform.net https://*.adform.net https://*.criteo.net https://*.criteo.com https://cdn.broman.group https://www.googletagmanager.com/ https://ib.adnxs.com/setuid https://ib.adnxs.com/getuid https://cm.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://*.googletagmanager.com https://eu.fw-cdn.com https://*.freshchat.com/ https://src.freshmarketer.eu/mas; img-src 'self' data: https://www.datocms-assets.com https://asset.mot1.fi https://i.ytimg.com https://image.mux.com https://cdn.broman.group https://*.adyen.com/checkoutshopper/ https://eu.playground.klarnaevt.com https://i.ytimg.com https://www.datocms-assets.com https://stagingaksapimanagementbroman.azure-api.net https://testapimanagementbroman.azure-api.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com https://*.mux.com https://*.vimeocdn.com https://dapi.videoly.co https://*.facebook.com https://*.seadform.net https://*.adform.net https://*.criteo.net https://*.criteo.com https://cdn.broman.group https://www.googletagmanager.com/ https://ib.adnxs.com/setuid https://ib.adnxs.com/getuid https://cm.g.doubleclick.net https://dev.visualwebsiteoptimizer.com; frame-src 'self' https://checkoutshopper-test.adyen.com/ https://checkoutshopper-live.adyen.com/ https://pal-test.adyen.com/ https://pal-live.adyen.com/ https://www.youtube.com https://www.youtube-nocookie.com https://js.playground.klarna.com/ https://js.klarna.com/ https://osm.klarnaservices.com/ https://*.vimeo.com https://app.ecoonline.com https://www.maston.fi https://websds.volvo.com https://policy.app.cookieinformation.com/ https://*.criteo.com https://*.adform.net https://*.creativecdn.com https://www.facebook.com https://*.googletagmanager.com https://eu.fw-cdn.com https://*.freshchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://js.playground.klarna.com https://js.klarna.com/web-sdk/ https://api.videoly.co/1/quchbox/0/299/quch.js  https://dapi.videoly.co https://www.youtube.com https://*.vimeo.com https://policy.app.cookieinformation.com https://api.custobar.com/js/v1/custobar.js https://*.criteo.net https://*.criteo.com https://*.adform.net https://connect.facebook.net https://tags.creativecdn.com https://dev.visualwebsiteoptimizer.com https://*.googletagmanager.com https://eu.fw-cdn.com https://*.freshchat.com; object-src data:; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubc3458944fc7afc90cbf5ceb44d517397&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aproduction%2Cservice%3Astorefront-se-browser%2Cversion%3A2024-07-24_20240724.1; 1
font-src https://geowidget.easypack24.net *.fontawesome.com *.googleapis.com *.gstatic.com *.stape.io maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net https://geowidget-app.inpost.pl/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io *.google.com/ pay.google.com pudofinder.dpd.com.pl *.doubleclick.net *.consentmanager.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://pixel.wp.pl *.google.pl *.google.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://www.magezon.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.stape.io https://img.youtube.com static.przelewy24.pl www.gstatic.com gstatic.com *.hsforms.net *.hsforms.com 'self' data: *.consentmanager.net data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://pixel.wp.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.fontawesome.com *.googleapis.com *.gstatic.com *.poczta-polska.pl https://polyfill-fastly.io https://browser.sentry-cdn.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.hsforms.net *.hsforms.com *.snrbox.com ruch-osm.sysadvisors.pl *.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com *.googleapis.com *.googletagmanager.com *.stape.io maxcdn.bootstrapcdn.com fonts.googleapis.com *.gstatic.com *.snrcdn.net ruch-osm.sysadvisors.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://stats.g.doubleclick.net *.google.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.poczta-polska.pl https://*.ingest.sentry.io ekr.zdassets.com/ *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.stape.io https://get.geojs.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.snrbox.com server-side-tagging-ceddw3fo6q-uc.a.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://adobedc.demdex.net/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net maxcdn.bootstrapcdn.com fonts.gstatic.com widget-v4.tidiochat.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.klarna.com www.googletagmanager.com https://plumrocket.com td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net maps.gstatic.com *.googleusercontent.com cdnjs.cloudflare.com www.google.fi avatars.tidiochat.com resources.paytrail.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com maps.googleapis.com code.tidio.co widget-v4.tidiochat.com pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget-v4.tidiochat.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com www.googleapis.com sentry-new.tidio.co wss://socket.tidio.co api-v2.tidio.co www.google.com googleads.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.at https://www.myheritage.de  'unsafe-eval' 'nonce-db8fc4716bf3f2e46b71bcaec199f506' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.at;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.ch https://www.myheritage.de  'unsafe-eval' 'nonce-9f3021aea91c792305014866acc23edb' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.ch;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.hu https://www.myheritage.hu  'unsafe-eval' 'nonce-1b403c5333eef01c42604b817d0e0b40' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.hu;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.sk https://www.myheritage.sk  'unsafe-eval' 'nonce-6c8c4c43b0df4908903a40ecd65b8a00' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.sk;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
font-src *.googleapis.com *.gstatic.com data: *.stripe.com *.google.com *.opayo.eu.elavon.com *.fontawesome.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.google.com *.opayo.eu.elavon.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com *.hsforms.net *.hsforms.com 'self' data: *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.stripe.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com *.hsforms.net *.hsforms.com *.trustpilot.com *.cloudflare.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.stripe.com *.google.com downloads.mailchimp.com *.opayo.eu.elavon.com *.fontawesome.com *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net 'self' data: *.cloudflare.com *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com *.cloudfront.net https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com www.google.com *.gstatic.com maps.googleapis.com *.cloudflare.com *.trustedshops.com *.usercentrics.eu www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.cloudflare.com getfirebug.com *.yotpo.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.cloudflare.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com www.apptrian.com *.klarna.com *.klarnaevt.com *.klarnacdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com jsd-widget.atlassian.com *.klarna.com *.klarnacdn.net *.klarnaservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.googleapis.com www.apptrian.com jsd-widget.atlassian.com api-private.atlassian.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors oxxobusinessclub.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.conekta.io conektaapi.s3.amazonaws.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.conekta.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.google-analytics.com bam.nr-data.net 'self' 'unsafe-inline' *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.acsbapp.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.acsbapp.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com acsbapp.com *.acsbapp.com hotjar.com *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com *.bolt.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com acsbapp.com *.acsbapp.com hotjar.com *.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.yotpo.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe https://mobbex.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.mobbex.com https://stats.g.doubleclick.net/ *.yotpo.com *.google.com *.google.com.ar *.facebook.com *.doubleclick.net 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://www.gstatic.com/ *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.avada.io *.mobbex.com *.google.com *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.fanplayr.com *.facebook.net *.yotpo.com *.doubleclick.net *.magentosite.cloud www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.yotpo.com *.fonts.net *.magentosite.cloud 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe https://get.geojs.io *.avada.io *.mobbex.com *.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://stats.g.doubleclick.net/ *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://paradineiro.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'report-sample'; style-src 'report-sample'; style-src-elem 'self'; style-src-attr 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; frame-src 'self'; worker-src 'none'; base-uri 'self'; manifest-src 'self'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://fonts.googleapis.com https://fonts.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: rec.smartlook.com cdn.cookielaw.org *.googleapis.com analytics.google.com www.google.com *.facebook.com t.teads.tv p.teads.tv cdn.datatables.net cdn.jsdelivr.net sp.analytics.yahoo.com www.googletagmanager.com cdn.krxd.net cdn.treasuredata.com *.facebook.net cm.teads.tv cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=e24f1ead-30d9-4fed-84c2-2340d127dfd7; report-to csp-endpoint; frame-ancestors 'none' 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com chart.googleapis.com *.googletagmanager.com *.facebook.net *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com chart.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; child-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src https: data:; style-src https: 'unsafe-inline'; img-src https: blob: data:; frame-ancestors 'self'; frame-src 'self' https:; worker-src blob:; object-src 'self'; media-src https: blob: data:; report-uri https://www.plateforme-apis.fr/local/csp/collector.php?uid=0&cid=1 1
font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com js.api.here.com *.youtube.com 1.base.maps.ls.hereapi.com/maptile/2.1/info 1.aerial.maps.ls.hereapi.com/maptile/2.1/info vector.hereapi.com/v2/vectortiles/info js.api.here.com/v3/3.1/styles/omv/miami/normal.day.yaml vector.hereapi.com/v2/vectortiles/copyrights js.api.here.com/v3/3.1/styles/omv/skeleton.yaml js.api.here.com/v3/3.1/styles/omv/road_shields.day.yaml js.api.here.com/v3/3.1/styles/omv/label.priorities.yaml vector.hereapi.com/v2/vectortiles/base/mc/9/256/183/omv vector.hereapi.com/v2/vectortiles/base/mc/9/257/183/omv vector.hereapi.com/v2/vectortiles/base/mc/9/256/184/omv vector.hereapi.com/v2/vectortiles/base/mc/9/257/184/omv graph.instagram.com/me/media js.api.here.com/v3/3.1/styles/fonts/FiraGO-Map.woff js.api.here.com/v3/3.1/styles/fonts/FiraGO-Italic.woff applepay.cdn-apple.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com https://form.typeform.com *.hotjar.com *.google.com *.doubleclick.net *.facebook.com *.weltpixel.com www.xtento.com api.payplug.com secure.payplug.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr *.piwik.pro *.matomo.cloud *.youtube.com *.google.co.uk *.google.com.ua *.google.com *.googletagmanager.com https://bat.bing.com/action/0 https://storage.googleapis.com/website-ef39890f/produits/attribut_1.jpg https://storage.googleapis.com/website-ef39890f/produits/attribut_2.jpg https://storage.googleapis.com/website-ef39890f/produits/attribut_3.jpg https://storage.googleapis.com/website-ef39890f/produits/attribut_4.jpg https://storage.googleapis.com/website-ef39890f/produits/attribut_5.jpg https://cdn2.hubspot.net/hubfs/508350/BADGE_PAIEMENT_2@2x.png https://js.api.here.com/v3/3.1/styles/omv/icons/sprite-2x.png https://js.api.here.com/v3/3.1/styles/omv/icons/road_icons-2x.png https://storage.googleapis.com https://cdn2.hubspot.net https://js.api.here.com https://scontent.cdninstagram.com *.doubleclick.net https://scontent.cdninstagram.com/v/t51.2885-15/260296993_849019392440806_1700673023175743553_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/260044152_436307778115476_7600172539440816000_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/261801628_1261174687714340_7736851760014741587_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/260529315_225157813081369_6837512984564860239_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/263184407_328424538779765_5221694345882642889_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/266389092_1614368342234765_2968722902784167446_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/264852596_627335521870014_5040258744862434244_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/265356568_5049204575091602_3632498141846560470_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/261612449_131505805942503_1021005885788653226_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/264530003_652201109151326_3435745126752363541_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/262756442_441834440679621_4515724252730267794_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/264000873_213792314241080_9140927077058749409_n.jpg *.google.fr *.facebook.com www.xtento.com cdn.xtento.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.avada.io *.piwik.pro *.matomo.cloud *.youtube.com *.doubleclick.net *.google.com *.googletagmanager.com bat.bing.com static.hotjar.com/c/hotjar-1751513.js script.hotjar.com *.facebook.net www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__fr.js script.hotjar.com/modules.909c20fd8721306b1fa9.js bat.bing.com/p/action/22018159.js script.hotjar.com/modules.19e5fee3eaef277c9b64.js script.hotjar.com/modules.54959b9c945092ba123f.js js.api.here.com/v3/3.1/mapsjs-core.js js.api.here.com/v3/3.1/mapsjs-service.js js.api.here.com/v3/3.1/mapsjs-ui.js js.api.here.com/v3/3.1/mapsjs-mapevents.js script.hotjar.com/modules.cbd9b920d05cd9e47f57.js bat.bing.com/p/action/5891144.js www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__fr.js *.gstatic.com www.xtento.com cdn.xtento.com api.payplug.com applepay.cdn-apple.com https://www.googletagmanager.com tagmanager.google.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.fontawesome.com *.piwik.pro *.matomo.cloud js.api.here.com/v3/3.1/mapsjs-ui.css code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css www.gstatic.com js.api.here.com/v3/3.1/mapsjs-core.js js.api.here.com/v3/3.1/mapsjs-service.js js.api.here.com/v3/3.1/mapsjs-ui.js js.api.here.com/v3/3.1/mapsjs-mapevents.js www.googleadservices.com/pagead/conversion_async.js cdn.jsdelivr.net/npm/flatpickr/dist/flatpickr.min.css tagmanager.google.com https://cdnjs.cloudflare.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://nominatim.openstreetmap.org https://get.geojs.io *.avada.io *.piwik.pro *.matomo.cloud https://in.hotjar.com/api/v2/client/sites/1751513/visit-data https://www.google-analytics.com/j/collect *.doubleclick.net *.google.com *.youtube.com https://1.base.maps.ls.hereapi.com/maptile/2.1/info https://1.aerial.maps.ls.hereapi.com/maptile/2.1/info https://vector.hereapi.com/v2/vectortiles/info https://vector.hereapi.com/v2/vectortiles/copyrights https://js.api.here.com https://vector.hereapi.com https://graph.instagram.com/me/media https://preprod-www.podowell.fr https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=fcbf8eda-1df9-42f9-bd71-0deb06388689; report-to csp-endpoint; frame-ancestors 'none' 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.cleverreach.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.hotjar.com secure.pay1.de/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.cloudfront.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://api.mapbox.com cdn.pay1.de x.klarnacdn.net *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com widgets.trustedshops.com mcstagingmedia.carou.com mcprodmedia.carou.com *.google.com www.google.com.ua ct.pinterest.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.hotjar.com unsafe-inline *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://integrations.etrusted.com widgets.trustedshops.com bam.nr-data.net js-agent.newrelic *.ratepay.com js-agent.newrelic.com s.pinimg.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com/ *.ratepay.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com autocomplete2.postdirekt.de t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.hotjar.com wss://*.hotjar.com/ bam.nr-data.net www.carou.com stats.g.doubleclick.net vc.hotjar.io ct.pinterest.com analytics.tiktok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=307618f7-e0dc-4788-9f5c-c8e53a0a38fa; report-to csp-endpoint; frame-ancestors 'none' 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net fonts.gstatic.com fonts.googleapis.com unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.stape.io maxcdn.bootstrapcdn.com https://geowidget.easypack24.net 'self' data: sw-assets.ekomiapps.de schroniskobukowina.pl geowidget.easypack24.net *.ekomiapps.de data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com schroniskobukowina.pl 'self' 'unsafe-inline'; frame-ancestors schroniskobukowina.pl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pay.google.com play.google.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io https://geowidget-app.inpost.pl/ td.doubleclick.net www.googletagmanager.com more.edrone.me schroniskobukowina.pl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com testimages.autopay.eu images.autopay.eu *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.google.com.ua *.google.co.uk *.google.be *.google.de *.doubleclick.net *.stape.io https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: consent.cookiefirst.com smart-widget-assets.ekomiapps.de www.google.pl bat.bing.com c.clarity.ms www.google.it www.google.se sw-assets.ekomiapps.de ekomi-srr.s3.eu-central-1.amazonaws.com www.google.com.bd www.google.com.eg www.google.fr dgk28ckagqims.cloudfront.net pagead2.googlesyndication.com ruch-osm.sysadvisors.pl www.google.ie www.magentocommerce.com www.google.pt www.google.ch www.google.cz www.google.com.ng www.google.dk data www.google.sk www.google.no www.google.gr www.google.es www.google.hr blob www.google.dz www.google.is www.google.fi www.google.at www.google.ca www.google.lt www.google.iq www.google.hu www.google.co.uk restauracja.schroniskobukowina.pl www.google.co.cr schroniskobukowina.pl geowidget.easypack24.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com testcards.autopay.eu cards.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.google.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com s7.addthis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io *.avada.io https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com consent.cookiefirst.com sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de bat.bing.com d3bo67muzbfgtl.cloudfront.net ruch-osm.sysadvisors.pl static.hotjar.com script.hotjar.com www.clarity.ms pagead2.googlesyndication.com schroniskobukowina.pl d3vhsxl1pwzf0p.cloudfront.net api.edrone.me geowidget.easypack24.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.googletagmanager.com *.stape.io maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com consent.cookiefirst.com sw-assets.ekomiapps.de d3bo67muzbfgtl.cloudfront.net smart-widget-assets.ekomiapps.de ruch-osm.sysadvisors.pl geowidget.easypack24.net schroniskobukowina.pl geowidget.inpost.pl *.autopay.eu  'self' 'unsafe-inline'; object-src schroniskobukowina.pl 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com https://geowidget.easypack24.net data schroniskobukowina.pl 'self' 'unsafe-inline'; manifest-src schroniskobukowina.pl 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com ekr.zdassets.com/ *.google.com *.doubleclick.net *.googlesyndication.com *.stape.io https://get.geojs.io *.avada.io *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com smart-widget-assets.ekomiapps.de consent.cookiefirst.com edge.cookiefirst.com api.cookiefirst.com bat.bing.com www.google.pl ws.hotjar.com api.edrone.me data api-s.edrone.me properties www.google.com.bd google.com www.google.com.hk www.google.se ruch-osm.sysadvisors.pl www.google.it region1.google-analytics.com pagead2.googlesyndication.com www.google.co.uk www.google.ch spay.samsung.com www.google.nl www.google.fr www.google.com.ng www.google.de www.google.dk region1.analytics.google.com www.google.com adservice.google.com t.clarity.ms e.clarity.ms r.clarity.ms j.clarity.ms v.clarity.ms vc.hotjar.io p.clarity.ms y.clarity.ms www.google.es www.google.no widgets.ekomi.com www.google.sk www.google.cz x.clarity.ms www.google.com.eg www.google.at m.clarity.ms sw-assets.ekomiapps.de schroniskobukowina.pl googleads.g.doubleclick.net ekr.zdassets.com 'self' 'unsafe-inline'; child-src schroniskobukowina.pl http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com schroniskobukowina.pl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri schroniskobukowina.pl 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
font-src fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.scooterpieces.fr *.cloudfront.net *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.colissimo.fr *.avis-verifies.com *.mapbox.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.scooterpieces.fr *.twitter.com *.facebook.com *.colissimo.fr *.avis-verifies.com *.mapbox.com *.googleapis.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com s3-eu-west-1.amazonaws.com *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com *.scooterpieces.fr *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.colissimo.fr *.avis-verifies.com *.googleapis.com *.googlesyndication.com https://stats.g.doubleclick.net *.doubleclick.net  'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com camo.githubusercontent.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.scooterpieces.fr *.cloudfront.net *.cloudflare.com *.gstatic.com *.google.co.in https://www.facebook.com *.klarna.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.colissimo.fr *.avis-verifies.com *.mapbox.com *.googleapis.com *.google.fr *.googlesyndication.com maps.google.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com cdn.jsdelivr.net connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://cdnjs.cloudflare.com s3-eu-west-1.amazonaws.com *.front.ecard.pledg.co *.scooterpieces.fr *.cloudfront.net *.newrelic.com *.nr-data.net *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.googleapis.com *.toto.fr *.colissimo.fr *.avis-verifies.com *.mapbox.com *.googlesyndication.com webcache.googleusercontent.com *.google.fr *.googletagservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.jsdelivr.net fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.cloudfront.net *.scooterpieces.fr *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.mapbox.com *.colissimo.fr *.avis-verifies.com webcache.googleusercontent.com *.google.fr *.googleadservices.com *.googlesyndication.com *.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.getalma.eu *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net s3-eu-west-1.amazonaws.com *.front.ecard.pledg.co *.scooterpieces.fr *.nr-data.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.colissimo.fr *.avis-verifies.com *.mapbox.com *.googleapis.com webcache.googleusercontent.com *.googlesyndication.com https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://scooterpieces.fr/; report-to report-endpoint; 1
font-src *.gstatic.com data: *.googleapis.com fonts.googleapis.com fonts.gstatic.com *.stape.io *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cookiebot.com business.facebook.com libs.hipay.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.google.com www.google.it *.cookiebot.com business.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.matomo.cloud *.cookiebot.com business.facebook.com cdn.lordicon.com chimpstatic.com js-agent.newrelic.com bam.nr-data.net secure-gateway.hipay-tpp.com mpsnare.iesnare.com libs.hipay.com downloads.mailchimp.com *.list-manage.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.stape.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com libs.hipay.com downloads.mailchimp.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com stats.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.matomo.cloud *.analytics.tiktok.com business.facebook.com cdn.lordicon.com stage-data.hipay.com bam.nr-data.net *.doubleclick.net *.stape.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io maps.googleapis.com https://static.addtoany.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io https://static.addtoany.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com use.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com https://static.addtoany.com/ *.instagram.com www.google.com js.stripe.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com *.cdninstagram.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.googleapis.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vimeo.com js.stripe.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://wheelioapp.azureedge.net https://dashboard.wheelio-app.com *.googletagmanager.com *.facebook.net use.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com https://static.klaviyo.com *.fontawesome.com use.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com https://stats.addtoany.com/menu *.googleapis.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.ccavenue.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.ccavenue.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ccavenue.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.ccavenue.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.ccavenue.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com fonts.gstatic.com www.paypal.com www.paypalobjects.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com *.google.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com embed.sendcloud.sc www.google.com www.gstatic.com *.plugins.emarsys.net *.scarabresearch.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com fonts.googleapis.com/ https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.scarabresearch.com *.eservice.emarsys.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.googleapis.com maps.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.playground.klarna.com cdn.klarna.com www.google.com js.klarna.com youtube.com www.youtube.com *.cookiebot.com *.klarna.com *.criteo.com *.hotjar.com *.doubleclick.net widget.trustpilot.com tr.snapchat.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.clerk.io *.algolia.net *.algolianet.com cdn.klarna.com x.klarnacdn.net *.playground.klarna.com tagmanager.google.com www.googletagmanager.com ssl.google-analytics.com www.google.com www.gstatic.com *.cookiebot.com *.googlesyndication.com s.sparmax.no googletagmanager.com *.lipscore.com frankanddick.dev s.kk-resources.com *.criteo.com *.criteo.net dev.visualwebsiteoptimizer.com *.hotjar.com *.bing.com *.de17a.com *.facebook.net google-analytics.com *.adform.net *.sleeknote.com *.zdassets.com google.com gstatic.com *.trustpilot.com *.klarnaservices.com *.clarity.ms *.klarnacdn.net *.klarna.com *.doubleclick.net *.sparmax.se *.sparmax.dk *.maxkjop.no *.skjaraard.no s.skjargaard.no partner.googleadservices.com www.tryggehandel.no *.zopim.com vjs.zencdn.net player.vimeo.com widget-mediator.zopim.com static.lipscore.com widget.trustpilot.com invitejs.trustpilot.com eu-library.klarnaservices.com sleeknotecustomerscripts.sleeknote.com static.zdassets.com tr.snapchat.com sc-static.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.playground.klarnaevt.com www.googletagmanager.com www.google-analytics.com *.cookiebot.com *.criteo.com vars.hotjar.com *.de17a.com *.zdassets.com *.trustpilot.com dnacdn.net *.getsentry.com sparmax.zendesk.com s.sparmax.no tryggehandel.no google.com gtm.sparmax.no *.clarity.ms bat.bing.com wapi.lipscore.com google-analytics.com widget-mediator.zopim.com google.com/recaptcha *.klarnacdn.net *.doubleclick.net *.klarnaevt.com *.klarna.com s.sparmax.se s.sparmax.dk s.maxkjop.no *.skjaraard.no s.skjargaard.no www.facebook.com/tr wss://widget-mediator.zopim.com static.zdassets.com *.klarnauserservices.com *.klarnaservices.com *.snapchat.com *.google.com *.google-analytics.com *.googlesyndication.com *.visualwebsiteoptimizer.com *.hotjar.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src https://pim.sparmax.no/ x.klarnacdn.net fonts.gstatic.com fonts.gstatic.com/s s.sparmax.no s.sparmax.dk s.sparmax.se s.maxkjop.no s.skjargaard.no *.zopim.com data: static.lipscore.com *.fontawesome.com *.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; style-src https://pim.sparmax.no/ getfirebug.com tagmanager.google.com fonts.googleapis.com https://*.sparmax.no *.trollweb.no *.lipscore.com *.klarnacdn.net https://*.sparmax.se https://*.sparmax.dk https://*.maxkjop.no https://*.skjargaard.no unsafe-inline vjs.zencdn.net sparmax.wpcloud.trollweb.no x.klarnacdn.net static.lipscore.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.trustpilot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; img-src https://pim.sparmax.no/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com camo.githubusercontent.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.clerk.io cdn.klarna.com *.playground.klarnaevt.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net www.google.com *.cookiebot.com s.sparmax.no www.tryggehandel.no *.trollweb.no google-analytics.com dev.visualwebsiteoptimizer.com google.com/ads www.facebook.com *.bing.com *.criteo.com *.criteo.net *.zdassets.com *.clarity.ms x.klarnacdn.net *.doubleclick.net raw.githubusercontent.com/vippsas *.sparmax.se *.sparmax.dk *.maxkjop.no *.skjaraard.no s.skjargaard.no googleadservices.com v2assets.zopim.io www.google.no/ads www.google.se/ads www.google.dk/ads www.google.fr/ads www.google.co.uk/ads www.google.uk/ads www.google.com/ads www.google.de/ads www.google.pl/ads www.google.lt/ads www.google.es/ads www.google.lv/ads www.google.ee/ads www.google.th/ads www.google.no/pagead www.google.se/pagead www.google.dk/pagead www.google.fr/pagead www.google.co.uk/pagead www.google.uk/pagead www.google.com/pagead www.google.de/pagead www.google.pl/pagead www.google.lt/pagead www.google.es/pagead www.google.lv/pagead www.google.ee/pagead www.google.th/pagead gtm.sparmax.no *.klarnaevt.com sparmax.wpcloud.trollweb.no tr.snapchat.com *.google.com *.google.pl *.google.no https:/at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; 1
font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ https://www.google.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://accounts.google.com https://*.google.com https://*.hotjar.com https://vars.hotjar.com https://www.facebook.com https://*.criteo.com https://gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.maksekeskus.ee *.test.maksekeskus.ee https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com public.montonio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.google.com https://www.google.ee https://www.google-analytics.com rx.sudameapteek.ee data: http: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com https://www.google.com https://www.gstatic.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: www.facebook.com https://connect.facebook.net graph.facebook.com business.facebook.com public.montonio.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google-analytics.com https://www.googletagmanager.com rx.sudameapteek.ee http: https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com rx.sudameapteek.ee http: https: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io 'self' *.maksekeskus.ee *.test.maksekeskus.ee www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://stats.g.doubleclick.net rx.sudameapteek.ee http: https: wss: 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://assets.emarsys.net https://cdn.scarabresearch.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.mlstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://production-tailoy-repo-magento-statics.s3.us-east-2.amazonaws.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://recommender.scarabresearch.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.mercadopago.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mobilpay.ro 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io ekyc.blob.core.windows.net apiro.id-kyc.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com ipinfo.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com *.uimdc.b2b.unileverservices.com *.unilever.ca *.unilever.ch *.unilever.com *.unilever.co.th *.cloudflare.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.ssl-images-amazon.it *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.es *.ssl-images-amazon.fr *.cookielaw.org *.unileverservices.com *.googletagmanager.com http://orderstreets.com.au http://www.orderstreets.com.au http://ulmarketdirect.com http://www.ulmarketdirect.com http://teloencargo.com.mx http://www.teloencargo.com.mx http://icmarketdirect.com http://www.icmarketdirect.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com https://js-agent.newrelic.com https://bam.nr-data.net http://uk.switzerland.local/static/ *.cookielaw.org t.paypal.com ipinfo.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.cookielaw.org 'self' 'unsafe-inline'; object-src ipinfo.io 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com *.youtube.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com https://js-agent.newrelic.com https://bam.nr-data.net http://uk.switzerland.local/static *.onetrust.com *.cookielaw.org ipinfo.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://api.stripe.com; report-to report-endpoint; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=1f846591-e42d-48b7-ab2c-3796efcf2916; report-to csp-endpoint; frame-ancestors 'none' 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=6d4ce5b4-2680-4911-a5fc-b3fd40c4919d; report-to csp-endpoint; frame-ancestors 'none' 1
script-src 'self' https://script.hotjar.com https://static.hotjar.com https://static.axept.io https://tr.snapchat.com https://code.jquery.com https://cdnjs.cloudflare.com https://uicdn.toast.com https://blueimp.github.io https://cdn-app.myLi.io/ https://tarteaucitron.io 'unsafe-inline' 'unsafe-eval' data: https://js.stripe.com https://*.gstatic.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://sc-static.net https://connect.facebook.net https://google.fr https://www.facebook.com https://analytics.tiktok.com https://try.abtasty.com ; img-src 'self' data: blob: https://axeptio.imgix.net https://pictures.myLi.io https://tarteaucitron.io https://*.google.fr https://www.facebook.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://uicdn.toast.com ; report-uri /repository/csppolicyviolationreporter.php 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://*.google.com *.doubleclick.net *.facebook.com *.newrelic.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.multisafepay.com assets.myparcel.nl www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com *.multisafepay.com https://pay.google.com cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com https://fonts.googleapis.com *.multisafepay.com cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com *.multisafepay.com api.myparcel.nl api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cdn.rawgit.com cdn.jsdelivr.net fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.sagepay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com hmg-attachments.s3-eu-west-1.amazonaws.com maps.gstatic.com maps.googleapis.com ssl.google-analytics.com www.facebook.com cookie-cdn.cookiepro.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com api-js.mixpanel.com bam.nr-data.net maps.googleapis.com ssl.google-analytics.com cdn.pubble.io cookie-cdn.cookiepro.com connect.facebook.net *.elavon.com *.sagepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.pubble.io cdn.rawgit.com cdn.jsdelivr.net fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com maps.googleapis.com *.google-analytics.com stats.g.doubleclick.net www.pubble.io cookie-cdn.cookiepro.com cookiepro.blob.core.windows.net *.elavon.com *.sagepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-to https://www.u-canshop.jp/cspReport/cspReport.jsp; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google.com/ *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com 'self' data: *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.adform.net *.doubleclick.net https://www.google.com/recaptcha/ www.xtento.com cdn.xtento.com *.google.com *.gstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es secure.payu.com merch-prod.snd.payu.com https://store.plumrocket.com api.razorpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es static.payu.com cdn.razorpay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada.io secure.payu.com secure.snd.payu.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es secure.payu.com merch-prod.snd.payu.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://img.paytrail.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com 'self' data: *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com *.google.com.co c.bing.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.doubleclick.net analytics.google.com cdn.connectif.cloud *.hotjar.com *.clarity.ms connect.facebook.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com.co analytics.google.com *.clarity.ms stats.g.doubleclick.net am1-api.connectif.cloud content.hotjar.io *.hotjar.com *.facebook.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.snapmint.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.facebook.com https://www.facebook.com *.facebook.net 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.twitter.com *.youtube.com/ *.consensu.org *.sharethis.com *.snapmint.com *.facebook.net *.facebook.com api.razorpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.victorsport.in *.facebook.net *.facebook.com cdn.razorpay.com assets.snapmint.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.google.com *.sharethis.com *.snapmint.com *.facebook.net *.facebook.com *.avada.io checkout.razorpay.com api.snapmint.com assets.snapmint.com sandboxapi.snapmint.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.sharethis.com *.snapmint.com *.facebook.net *.facebook.com https://get.geojs.io *.avada.io lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
worker-src blob:; font-src *.googleapis.com *.gstatic.com fonts.gstatic.com *.kxcdn.com *.fontawesome.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com *.google.com/ mldp.mercadopago.com www.mercadolibre.com *.weltpixel.com cdn.dnky.co amc.demdex.net www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com scontent.cdninstagram.com *.kxcdn.com *.twitter.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar https://www.magezon.com www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com maps.gstatic.com maps.googleapis.com accounts.google.com *.cdninstagram.com *.fbcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.apptrian.com google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com www.facebook.com graph.facebook.com business.facebook.com *.mlstatic.com s7.addthis.com *.google.com/ http2.mlstatic.com secure.mlstatic.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.fontawesome.com cdn.dnky.co tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com www.apptrian.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com ekr.zdassets.com/ api.mercadopago.com events.mercadopago.com www.mercadolibre.com api.comapi.com bam.nr-data.net https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com https://www.google.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com www.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.mlstatic.com *.google.com https://www.gstatic.com *.avada.io www.sandbox.paypal.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.mercadopago.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://connect.ekomi.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://connect.ekomi.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com *.fontawesome.com tbs.tradedoubler.com wickey.nl *.hotjar.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-umm.b-cdn.net www.paypalobjects.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com wickey.us16.list-manage.com *.wickey.us16.list-manage.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com js.mollie.com *.trustpilot.com tbs.tradedoubler.com forms.office.com ct.pinterest.com *.hotjar.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com  d3dc1lgancj6l0.cloudfront.net www.youtube.com *.mollie.com www.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://www.mollie.com *.pixriot.com *.storeimaging.com *.ads.linkedin.com *.google-analytics.com *.squarelovin.com *.bing.com bing.com squarelovin.com *.trustedshops.com *.mollie.com *.pinterest.com *.consentmanager.net wickey.de wickey.nl tw.wickey.nl www.google.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg www.google.fr www.google.de *.hotjar.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com www.google.at www.google.ch www.google.lu www.google.co.uk www.google.ie www.google.be www.google.it www.google.es www.google.pt www.google.dk www.google.pl www.google.cz www.google.hu www.google.sk www.google.ro www.google.hr www.google.se www.google.no www.google.fi www.google.bg ik.imagekit.io cst-tag-monitor-2nd-gen-6k3dd6vtka-ew.a.run.app dashboard.edesk.com static.sooqr.com onlinedialogue.s3.eu-west-1.amazonaws.com t.squeezely.tech wickey.ams3.digitaloceanspaces.com wickey-test.ams3.digitaloceanspaces.com d2rfa446ja7yzb.cloudfront.net app.squeezely.tech tw.wickey.si tw.wickey.gr static.spotlersearch.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com js.mollie.com widgets.trustedshops.com js-agent.newrelic.com bat.bing.com *.googleadservices.com connect.facebook.net bam.nr-data.net squarelovin.com c.delivery.consentmanager.net cdn.consentmanager.net s.pinimg.com analytics.tiktok.com www.googleoptimize.com snap.licdn.com hst.tradedoubler.com swrap.tradedoubler.com static.cloudflareinsights.com tracking.s24.com tw.wickey.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg delivery.consentmanager.net cdn.stape.io *.hotjar.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com d3dc1lgancj6l0.cloudfront.net ajax.cloudflare.com d5yoctgpv4cpx.cloudfront.net userlike-cdn-umm.b-cdn.net onlinedialogue.s3.eu-west-1.amazonaws.com widgets.xsellco.com static.sooqr.com dynamic.sooqr.com *.neoday.com js.neoday.com cdn.ablyft.com squeezely.tech analytics.optimalpeople.fr connect.getflowbox.com ct.pinterest.com static.spotlersearch.com spotlersearchanalytics.com dynamic.spotlersearch.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com maxcdn.bootstrapcdn.com *.fontawesome.com squarelovin.com *.hotjar.com tagmanager.google.com widgets.xsellco.com static.sooqr.com static.spotlersearch.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.pixriot.com *.storeimaging.com ct.pinterest.com *.wickey.de stats.g.doubleclick.net analytics.tiktok.com bam.nr-data.net bat.bing.com www.google.com googleads.g.doubleclick.net region1.analytics.google.com region1.google-analytics.com tw.wickey.nl www.google.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg www.google.fr www.google.de *.hotjar.com *.hotjar.io wss://*.hotjar.com www.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com wss://umd.userlike.com umd.userlike.com d3upe020n1uosc.cloudfront.net d3dc1lgancj6l0.cloudfront.net www.google.at www.google.ch www.google.lu www.google.co.uk www.google.ie www.google.be www.google.it www.google.es www.google.pt www.google.dk www.google.pl www.google.cz www.google.hu www.google.sk www.google.ro www.google.hr www.google.se www.google.no www.google.fi www.google.bg rkkck31tec.execute-api.eu-central-1.amazonaws.com widgets.xsellco.com firehose.eu-central-1.amazonaws.com cognito-identity.eu-central-1.amazonaws.com gateway.wickey.neo.day log.ablyft.com analytics.pangle-ads.com analytics.optimalpeople.fr trustbadge.api.etrusted.com gateway.getflowbox.com a.getflowbox.com tw.wickey.si tw.wickey.gr api.trustedshops.com shops-si.trustedshops.com api.trustbadge.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://wickey.de/; report-to report-endpoint; 1
worker-src blob:; font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.online-metrix.net ct.pinterest.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com ad.doubleclick.net adservice.google.com googleads.g.doubleclick.net www.google.com *.pinimg.com c.bing.com bat.bing.com www.facebook.com *.clarity.ms *.wonderbra.ca data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com player.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ www.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com polyfill.io testflex.cybersource.com flex.cybersource.com *.online-metrix.net js.datadome.co cdn.noibu.com analytics.tiktok.com *.facebook.net bat.bing.com *.acuityplatform.com tags.srv.stackadapt.com s.pinimg.com googleads.g.doubleclick.net *.clarity.ms https://qvdt3feo.com :blob 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com tags.srv.stackadapt.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src analytics.google.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com api-js.datadome.co *.clarity.ms ct.pinterest.com www.google-analytics.com stats.g.doubleclick.net analytics.tiktok.com tags.srv.stackadapt.com https://gtm-n9mwzn4k-n2ywn.uc.r.appspot.com www.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=jRuisOMjDBl8yf2xetBFynFnOsHb9gusErSA-ooIZNQWVYMAKXgC-Po5d06V_KH5&policy_id=71&user_id=&request_id=05351dd8-fc6e-495f-9b5c-ccc06641c4cf; report-to csp-endpoint; frame-ancestors 'none' 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://vk.com https://top-fwz1.mail.ru https://widget.me-talk.ru wss://widget.me-talk.ru https://static.me-talk.ru https://tagmanager.google.com https://www.googletagmanager.com https://score.juicyscore.net https://mc.yandex.ru https://zaymer-api-stage.itrf.tech/socket.io https://www.zaymer.ru/socket.io https://covenant-eu.robocash.global; script-src 'sha256-wjUOp0cRUfvJ+K4mz964J+KsOUwnzoteJTxMn7P5UMA=' 'nonce-b67mpDzVb+tnt0pP5YMXGA==' 'self' 'self' 'sha256-TVh24Vdb7GTzT63NsxngfGhs0KMXeoymEQStL6oHOQM=' https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://static.cloudflareinsights.com https://mc.yandex.ru https://yastatic.net https://admin.verbox.ru https://top-fwz1.mail.ru https://vk.com https://static.me-talk.ru https://tagmanager.google.com https://score.juicyscore.net; img-src 'self' https://www.googletagmanager.com https://www.google.ru https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://mc.yandex.ru https://top-fwz1.mail.ru https://vk.com data:; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://mc.yandex.ru https://top-fwz1.mail.ru blob:; form-action 'self'; frame-ancestors 'none'; child-src https://mc.yandex.ru blob: ; object-src 'none'; report-uri https://covenant-eu.robocash.global/report/zaymer-ru-front 1
default-src 'self' media1.jpc.de wom.de; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; script-src 'self' media1.jpc.de wom.de 'nonce-joZmx04Zr23OHXIX67Lq177TpCD9YF2IuAnjydzWsboC+WZxsjzgfXL1cC4Q8XrvplNbTgeC8IymDGUT8Su7Ew==' 'report-sample'; style-src 'self' media1.jpc.de wom.de 'report-sample' 'unsafe-inline'; font-src 'self' media1.jpc.de wom.de; img-src 'self' media1.jpc.de wom.de data:; connect-src 'self' media1.jpc.de wom.de https://use.jpc.de; report-uri /csp/; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-iarpX2SEMpNoWEStg6BUVA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wl17vTMl1Om01UC9znr24w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src https://higherlogicdownload.s3.amazonaws.com/PTG/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://higherlogicdownload.s3.amazonaws.com/PTG/ https://higherlogiclongterm.s3.amazonaws.com/PTG/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/PTG/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ 'self' https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://higherlogicdownload.s3.amazonaws.com/PTG/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://higherlogicstream.s3.amazonaws.com/PTG/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://higherlogicdownload.s3.amazonaws.com/PTG/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.yotpo.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.plugins.emarsys.net *.scarabresearch.com *.yotpo.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.magento-datasolutions.com *.magento-ds.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com commerce.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.scarabresearch.com *.eservice.emarsys.net *.yotpo.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://gapi.storyblok.com https://api.storyblok.com https://a.storyblok.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.wistia.com https://*.wistia.net netlify-cdp-loader.netlify.app 'unsafe-inline' blob: data:; script-src 'nonce-NvSFvYA8xbUTIOs7T8sn4spfm1Nydj3b' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:'nonce-fyWC5016x6ftq+JW4lqOMYUQBGSxIvQU' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.storyblok.com https://netlify-rum.netlify.app https://*.wistia.com https://*.wistia.net https://src.litix.io *.visualwebsiteoptimizer.com app.vwo.com https://www.googletagmanager.com https://tagmanager.google.com https://*.onetrust.com https://*.google-analytics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net https://js.driftt.com https://widget.drift.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://fast.wistia.com https://*.onetrust.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://www.googletagmanager.com https://tagmanager.google.com blob:; img-src 'self' https://*.hotjar.com https://*.storyblok.com https://*.wistia.com https://*.wistia.net *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.onetrust.com https://*.doubleclick.net https://*.bing.com https://*.google-analytics.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net data:; connect-src 'self' https://*.storyblok.com https://*.wistia.com https://*.wistia.net https://*.algolia.net *.visualwebsiteoptimizer.com app.vwo.com ingesteer.services-prod.nsvcs.net https://*.onetrust.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.google.com https://*.bing.com https://*.litix.io https://*.doubleclick.net https://gapi.storyblok.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.googletagmanager.com px.ads.linkedin.com px4.ads.linkedin.com www.facebook.com connect.facebook.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.wistia.com data:; object-src 'self'; frame-src 'self' https://gapi.storyblok.com app.netlify.com netlify-cdp-loader.netlify.app https://*.vwo.com https://*.youtube-nocookie.com https://dev.visualwebsiteoptimizer.com https://fast.wistia.com https://fast.wistia.net https://td.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com https://js.driftt.com https://widget.drift.com info.leap.us; worker-src 'self' blob:; media-src 'self' https://*.wistia.com https://*.wistia.net https://js.driftt.com https://widget.drift.com blob: data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://app.storyblok.com; script-src-elem 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s.adroll.com https://*.wistia.com https://*.bing.com https://*.onetrust.com https://netlify-rum.netlify.app; script-src-attr 'self' 'unsafe-inline'; child-src blob:; upgrade-insecure-requests; report-uri /.netlify/functions/__csp-violations 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' cdn.jsdelivr.net www.google-analytics.com cdn-cookieyes.com www.google.com www.googletagmanager.com www.gstatic.com gstatic.com google.com googletagmanager.com; style-src 'unsafe-inline' 'report-sample' 'self' use.typekit.net p.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' www.google-analytics.com www.yoast.com yoast.com stats.g.doubleclick.net region1.analytics.google.com www.analytics.google.com cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com; font-src 'self' use.typekit.net data:; frame-ancestors 'self'; frame-src 'self' www.google.com google.com; img-src 'self' data: google-analytics.com www.google-analytics.com google.com www.google.com secure.gravatar.com www.w3.org gravatar.com w3c.org cdn-cookieyes.com google.nl www.google.nl; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com use.typekit.net 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.authorize.net js.stripe.com hooks.stripe.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://images.unsplash.com store.paradoxlabs.com https://a.klaviyo.com https://redchamps.com *.hsforms.net *.hsforms.com hello.zonos.com dgjcoqnzn763b.cloudfront.net 'self' data: www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com *.authorize.net js.stripe.com *.hsforms.net *.hsforms.com static.zdassets.com hello.zonos.com *.zinrelo.com d395yjvh5spyzw.cloudfront.net static-tracking.klaviyo.com *.google.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com static.klaviyo.com *.typekit.net *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klaviyo.com https://fast.a.klaviyo.com *.authorize.net *.stripe.com t.elasticsuite.io *.hsforms.net *.hsforms.com hello.zonos.com ekr.zdassets.com halftimebeverage.zendesk.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://report-uri.cmcmarkets.com/csp; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://oaf.cmcmarkets.com https://p.teads.tv https://assets.cmcmarkets.com https://cdn-ukwest.onetrust.com https://cdn.amplitude.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net https://*.go-mpulse.net https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://utt.impactcdn.com https://widget.trustpilot.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com/gtm.js https://www.redditstatic.com/ads/pixel.js https://www.youtube.com/player_api https://fast.wistia.com https://eficlient.heckyl.com https://z.moatads.com https://www.youtube.com https://s.go-mpulse.net https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://unpkg.com https://utt.impactcdn.com https://www.redditstatic.com https://script.hotjar.com https://static.hotjar.com https://s.go-mpulse.net https://cdn-ukwest.onetrust.com https://widget.trustpilot.com https://www.google.com http://assets.cmcmarkets.com https://cdn.amplitude.com https://cdn.optimizely.com https://chat.cmcmarkets.com https://jssdkcdns.mparticle.com https://platform.twitter.com https://www.linkedin.com https://www.google-analytics.com https://cdn.appdynamics.com https://connect.facebook.net https://www.googletagmanager.com https://ds-aksb-a.akamaihd.net http://bat.bing.com http://static.ads-twitter.com http://uat-assets.cmcmarkets.com http://www.googleadservices.com https://analytics.twitter.com https://assets.cmcmarkets.com https://bat.bing.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://sjs.bizographics.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://rs.fullstory.com https://api.amplitude.com https://assets.cmcmarkets.com https://cdn-ukwest.onetrust.com https://col.eum-appdynamics.com https://geolocation.onetrust.com https://identity.mparticle.com https://in.hotjar.com https://jssdkcdns.mparticle.com https://jssdks.mparticle.com https://oaf.cmcmarkets.com https://privacyportal-uk.onetrust.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://www.google-analytics.com wss://*.hotjar.com https://*.addthis.com https://m.addthis.com https://api-public.addthis.com https://connect.facebook.net https://px.ads.linkedin.com https://analytics.twitter.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.linkedin.com https://logx.optimizely.com https://www.google-analytics.com https://*.akstat.io https://c.go-mpulse.net https://*.techlab-cdn.com https://privacyportal-uk.onetrust.com https://*.google-analytics.com https://*.braze.eu https://stats.g.doubleclick.net https://in.hotjar.com  https://*.googletagmanager.com; font-src 'self' data: https://assets.cmcmarkets.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://lpcdn.lpsnmedia.net https://www.facebook.com https://oaf.cmcmarkets.com https://*.doubleclick.net https://signup.cmcmarkets.com https://vars.hotjar.com https://widget.trustpilot.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://*.addthis.com https://eficlient.heckyl.com; img-src 'self' data: https://px.ads.linkedin.com https://www.linkedin.com https://col.eum-appdynamics.com https://alb.reddit.com https://analytics.twitter.com https://assets.cmcmarkets.com https://cdn-ukwest.onetrust.com https://chat.cmcmarkets.com https://googleads.g.doubleclick.net https://i.ytimg.com https://px.ads.linkedin.com https://t.co https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://*.ytimg.com https://*.cmcmarkets.com http://bat.bing.com http://t.co https://www.facebook.com https://ds-aksb-a.akamaihd.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://analytics.twitter.com https://cdn-ukwest.onetrust.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com; manifest-src 'self'; media-src 'self' https://assets.cmcmarkets.com https://chat.cmcmarkets.com https://*.akstat.io https://c.go-mpulse.net https://in.hotjar.com https://*.google-analytics.com https://*.hotjar.com https://*.algolia.net https://*.algolianet.com wss://*.hotjar.com https://api-public.addthis.com https://m.addthis.com; worker-src 'none'; style-src 'self' 'unsafe-inline' https://assets.cmcmarkets.com http://assets.cmcmarkets.com https://chat.cmcmarkets.com https://use.fontawesome.com; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com checkout.airwallex.com checkout-demo.airwallex.com h.online-metrix.net/ pci-api-demo.airwallex.com demo-pacybsmock.airwallex.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.refersion.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.online-metrix.net/ *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ checkout.airwallex.com h.online-metrix.net/ *.googletagmanager.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.refersion.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com checkout.airwallex.com h.online-metrix.net/ *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.refersion.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com assets.adobedtm.com analytics.google.com *.doubleclick.net *.scene7.com *.omtrdc.net *.everesttech.net *.demdex.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src 'self' 'unsafe-inline' https://static.b-ite.com https://cs-assets.b-ite.com https://code.jquery.com https://beteiligung.nrw.de/portal/widgets/widgets-api.js https://api.service-digitale-verwaltung.de/ cdn.jsdelivr.net code.etracker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io platform.instagram.com platform.twitter.com sf1-eu.readspeaker.com www.etracker.de; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://api.service-digitale-verwaltung.de/ https://use.typekit.net/ https://p.typekit.net/ https://cdnjs.cloudflare.com sf1-eu.readspeaker.com 1
object-src 'none';base-uri 'self';script-src 'nonce-_SOIP-h94tvIhtpXJC7ZFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none' ; manifest-src 'self' ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.cookielaw.org e.eltonjohnaidsfoundation.org connect.facebook.net bat.bing.com www.youtube.com www.clarity.ms www.googletagmanager.com ajax.googleapis.com www.google-analytics.com *.dotdigital-pages.com tgbwidget.com js.dev.shift4.com www.dafdirect.org giveamply.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net www.dafdirect.org; img-src 'self' data: cdn.cookielaw.org bat.bing.com www.google.com www.facebook.com www.google.co.tz www.google-analytics.com *.cdninstagram.com i.ytimg.com www.dafdirect.org www.googletagmanager.com *.clarity.ms www.google.co.za www.google.co.uk www.google.ca www.google.co.sa www.google.com.pk *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ; font-src 'self' data: use.typekit.net ; connect-src 'self' data: *.onetrust.com cdn.cookielaw.org *.analytics.google.com *.clarity.ms *.google-analytics.com stats.g.doubleclick.net bat.bing.com analytics.google.com www.google.co.uk www.google.ca www.google.co.sa www.google.com.pk api-js.mixpanel.com www.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ; media-src 'self' ; form-action 'self' www.facebook.com; frame-src 'self' e.eltonjohnaidsfoundation.org facebook.com www.youtube.com tgbwidget.com www.giveamply.com r1.dotdigital-pages.com www.youtube-nocookie.com; worker-src 'self' blob: ; report-to csp-endpoint	 1
object-src 'none';base-uri 'self';script-src 'nonce-IulAUQv1XIhM266molbNZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src blob: https:;	img-src data: https:;	script-src 'unsafe-inline' 'unsafe-eval' blob: https:;	style-src 'unsafe-inline' https:;	font-src data: https:;	frame-src https:;	media-src data: https:;	object-src 'none';	connect-src https:;	frame-ancestors 'self'; 1
default-src 'self' https://dictionaryofsydney.org https://*.dictionaryofsydney.org https://*.sl.nsw.gov.au data:; script-src 'report-sample' 'self' https://dictionaryofsydney.org https://*.dictionaryofsydney.org https://*.sl.nsw.gov.au https://s7.addthis.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com 'unsafe-eval' 'unsafe-inline'; object-src 'none'; style-src 'report-sample' 'self' https://dictionaryofsydney.org https://*.dictionaryofsydney.org https://cloud.typography.com https://*.sl.nsw.gov.au 'unsafe-inline'; img-src 'self' https://dictionaryofsydney.org https://*.dictionaryofsydney.org https://*.sl.nsw.gov.au https://*.wp.com https://www.google.com.au https://*.google-analytics.com https://*.analytics.google.com https://s3.ap-southeast-2.amazonaws.com https://maps.gstatic.com https://www.googletagmanager.com data:; media-src 'self' https://dictionaryofsydney.org https://*.dictionaryofsydney.org https://*.sl.nsw.gov.au https://*.wp.com https://s3.ap-southeast-2.amazonaws.com; frame-src 'self'; frame-ancestors 'self'; child-src 'self'; font-src 'self' https://*.sl.nsw.gov.au https://fonts.gstatic.com data:; connect-src 'self' https://dictionaryofsydney.org https://*.dictionaryofsydney.org https://*.sl.nsw.gov.au https://analytics.google.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://www.google.com.au https://maps.googleapis.com https://stats.g.doubleclick.net https://translate.googleapis.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromeos_google 1
font-src fonts.googleapis.com fonts.gstatic.com *.klevu.com *.ksearchnet.com https://fonts.gstatic.com cdnjs.cloudflare.com www.slant.co data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.shopperapproved.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com www.google.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io fonts.googleapis.com maps.googleapis.com maps.gstatic.com unpkg.com https://www.shopperapproved.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com store.paradoxlabs.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cookielaw.org data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apis.google.com www.google.com www.gstatic.com maps.googleapis.com maps.gstatic.com unpkg.com https://www.shopperapproved.com https://direct.shopperapproved.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.authorize.net https://www.googletagmanager.com tagmanager.google.com cdn.jsdelivr.net *.cloudflareinsights.com *.cloudflare.com *.cookielaw.org *.hotjar.com static.addtoany.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css fonts.googleapis.com maps.googleapis.com maps.gstatic.com unpkg.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com assets.braintreegateway.com *.googleapis.com *.addtoany.com tagmanager.google.com cdn.jsdelivr.net cdnjs.cloudflare.com hello.myfonts.net https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com http://dpm.demdex.net *.authorize.net https://www.google-analytics.com a.klaviyo.com *.cloudflare.com *.cookielaw.org *.doubleclick.net *.hotjar.io *.onetrust.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net fonts.googleapis.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.paypal.com *.wistia.net *.criteo.com *.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.wistia.com *.wistia.net *.google.com *.criteo.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.klaviyo.com *.wistia.com *.wistia.net *.zdassets.com *.newrelic.com *.nr-data.net *.criteo.com *.criteo.net *.pinimg.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net https://static.klaviyo.com fonts.googleapis.com fonts.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com stats.g.doubleclick.net www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kmail-lists.com *.klarnauserservices.com *.zendesk.com *.zdassets.com *.zopim.com wss://*.zendesk.com wss://*.zopim.com *.wistia.com *.litix.io *.nr-data.net google-analytics.com *.google-analytics.com *.pinterest.com *.signifyd.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: translate.google.com mynjhelps.gov *.gstatic.com *.googleapis.com www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com www.googleadservices.com www.google-analytics.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.googleadservices.com www.google-analytics.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io *.multisafepay.com https://pay.google.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-4mR5QKN9FzS1T1U1s5C1Rg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: maps.googleapis.com www.gstatic.com www.google.com *.cloudmaestro.com *.addthis.com z.moatads.com v1.addthisedge.com www.googletagmanager.com www-google-analytics.com edge.fullstory.com assets.shipperhq.com www.google-analytics.com assets.juicer.io freegeoip.app rs.fullstory.com; report-uri /.webscale/csp-report 1
frame-ancestors 'none'; frame-src 'self' https://accounts.google.com https://content-sheets.googleapis.com; block-all-mixed-content; object-src 'none'; worker-src 'self'; form-action 'none'; base-uri 'none'; report-to default; 1
default-src https: 'self' data:; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: 1
style-src 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com;style-src-elem 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de use.fontawesome.com;img-src 'self' data: *.helsana.ch *.pinterest.com s0.2mdn.net bat.bing.com www.facebook.com connect.facebook.net cm.everesttech.net dpm.demdex.net apple-resources.s3.amazonaws.com  *.applemediaservices.com *.googlesyndication.com *.gstatic.com maps.googleapis.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net  t.co *.linkedin.com *.google.com *.google.ch *.google.de *.google.fr *.google.li *.google.it *.google.ad *.google.ae *.google.al *.google.at *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.ca *.google.cd *.google.cg *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.ga *.google.gr *.google.ht *.google.hr *.google.hu *.google.ie *.google.iq *.google.jo *.google.lk *.google.lt *.google.lu *.google.lv *.google.me *.google.mg *.google.ml *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sn *.google.tg *.google.tn *.google.tt *.google.vg *.google.co.ao *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.th *.google.co.uk *.google.co.za *.google.com.af *.google.com.ar *.google.com.au *.google.com.bh *.google.com.bo *.google.com.br *.google.com.co *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.hk *.google.com.kh *.google.com.lb *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ni *.google.com.pe *.google.com.pk *.google.com.py *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com interaktiv.contilla.de;font-src 'self' data: *.gstatic.com d3dc1lgancj6l0.cloudfront.net use.fontawesome.com *.helsana.ch;media-src 'self' data: blob: *.helsana.ch d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com;object-src 'none';worker-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com analytics.twitter.com snap.licdn.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net  maps.googleapis.com www.googletagmanager.com  assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com snap.licdn.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com  www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de;connect-src 'self' wss://*.helsana.ch *.helsana.ch maps.googleapis.com privacyportal-eu.onetrust.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cookielaw.org api.sitesearch360.com *.ads-twitter.com *.linkedin.com *.pinterest.com api.openweathermap.org  www.facebook.com www.bing.com bat.bing.com *.googlesyndication.com  *.google.com *.doubleclick.net www.google-analytics.com  tt.omtrdc.net dpm.demdex.net wss://umd.userlike.com umd.userlike.com api.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu interaktiv.contilla.de;frame-src 'self' *.helsana.ch *.pinterest.ch *.pinterest.com *.google.com *.googlesyndication.com bid.g.doubleclick.net  consentcdn.cookiebot.com www.youtube.com fls.doubleclick.net assets.adobedtm.com  www.facebook.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com player.vimeo.com *.undpartner.digital;frame-ancestors 'self' *.helsana.ch;report-uri https://helsana.report-uri.com/r/d/csp/wizard;report-to wizard; 1
font-src *.squarecdn.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.yotpo.com *.googleapis.com *.gstatic.com cdn.icomoon.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.reviews.io *.reviews.co.uk *.paymentexpress.com *.windcave.com *.yotpo.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://accounts.google.com *.reviews.io *.reviews.co.uk *.weltpixel.com *.paymentexpress.com *.windcave.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com www.xtento.com *.yotpo.com *.laybuy.com www.facebook.com *.hotjar.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.trackedlink.net *.alothemes.com *.magepow.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk t.zip.co static.zipmoney.com.au www.xtento.com cdn.xtento.com *.yotpo.com *.googleapis.com *.gstatic.com *.tawk.to cdn.jsdelivr.net *.laybuy.com www.facebook.com *.google.com *.google.co.nz *.google.com.au *.paypalobjects.com *.clarity.ms *.bing.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com s7.addthis.com *.avada.io *.alothemes.com *.magepow.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://accounts.google.com https://www.gstatic.com *.reviews.io *.reviews.co.uk *.maxmind.com static.zipmoney.com.au zip.co www.xtento.com cdn.xtento.com *.yotpo.com *.authorize.net *.googleapis.com *.vimeo.com *.googletagmanager.com *.google-analytics.com *.cardinalcommerce.com *.addressfinder.io *.polyfill.io *.addthis.com *.tawk.to cdn.jsdelivr.net *.google.com *.gstatic.com js-agent.newrelic.com bam.nr-data.net *.facebook.net *.laybuy.com *.hotjar.com *.doubleclick.net *.googleadservices.com *.clarity.ms *.3wisemen.co.nz static.zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.yotpo.com *.googleapis.com cdn.icomoon.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.algolia.net *.algolia.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://accounts.google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.mmapiws.com *.yotpo.com *.facebook.net *.algolianet.com ekr.zdassets.com *.googleapis.com *.tawk.to bam.nr-data.net *.google-analytics.com *.laybuy.com *.doubleclick.net t.labs.au.edge.zip.co in.hotjar.com *.hotjar.io *.clarity.ms *.addressfinder.io *.googlesyndication.com sst.3wisemen.co.nz 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src www.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-eval' http://mc.yandex.ru/ https://mc.yandex.ru/ http://pagead2.googlesyndication.me/ https://pagead2.googlesyndication.me/ http://c.hit.ua http://counter.yadro.ru/ https://googleads.g.doubleclick.net/ http://vk.me https://apis.google.me https://accounts.google.me; img-src 'self' data: http://counter.yadro.ru/ http://c.hit.ua/ http://mc.yandex.ru http://vk.me/ ; connect-src https://mc.yandex.ru/ ; frame-src https://googleads.g.doubleclick.net https://apis.google.me http://vk.me https://accounts.google.me/ 1
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report 1
font-src 'self' https://*.slidesync.com data:; img-src 'self' https://*.slidesync.com data:; object-src 'none'; script-src 'self' https://*.slidesync.com 'nonce-T6B/ZfLbykKzoW1o+XokIg=='; style-src 'self' https://*.slidesync.com 'unsafe-inline'; style-src-elem 'self' https://*.slidesync.com data: 'unsafe-inline'; worker-src 'self' https://*.slidesync.com blob:; media-src 'self' https://*.slidesync.com blob: https://*.dlh.de https://*.swiss.com https://*.skylines.global https://*.thyssenkrupp.com https://*.steeleu.com; default-src 'self' https://*.slidesync.com https://*.awswaf.com; connect-src 'self' https://*.slidesync.com wss: https://slidesync-assets-prd-aws-eu-west-1.s3-eu-west-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com https://*.dlh.de https://*.swiss.com https://*.skylines.global https://*.thyssenkrupp.com https://*.steeleu.com; report-uri https://sentry.slidesync.com/api/3/security/?sentry_key=a2a3a2b433114c71814044620a044882; frame-src https://*.sli.do 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://statistiques.neuillysurseine.fr http://code.highcharts.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://unpkg.com mdbootstrap.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com mdbootstrap.com use.fontawesome.com 1
require-trusted-types-for 'script';report-uri /_/ShoppingUi/cspreport 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.co.uk *.stagescycling.com *.bugherd.com *.cloudflare.com data: *.google.co.uk *.google.com google.com *.googleusercontent.com *.facebook.net *.braintree-api.com *.braintreegateway.com *.sciencebehindecommerce.com *.dwin1.com *.awin1.com *.zenaps.com *.acsbapp.com acsbapp.com *.accessibe.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.icomoon.io *.reviews.io www.googletagmanager.com googletagmanager.com tagmanager.google.com *.pinterest.com *.pinimg.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.cybersource.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.reviews.io *.reviews.co.uk *.affirm.com *.bluesnap.com *.braintree-api.com *.braintreegateway.com data: *.facebook.net *.klarnaevt.com *.klarnacdn.net *.klarna.com www.googletagmanager.com googletagmanager.com tagmanager.google.com *.postaffiliatepro.com *.sharethis.com *.sleeknote.com *.sciencebehindecommerce.com *.dwin1.com *.awin1.com *.zenaps.com *.acsbapp.com acsbapp.com *.accessibe.com *.pinterest.com *.pinimg.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.google.com *.doubleclick.net *.facebook.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.mention-me.com *.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.reviews.co.uk *.stagescycling.com *.acsbapp.com acsbapp.com *.accessibe.com *.bluesnap.com *.cloudflare.com *.google.co.uk google.com *.gstatic.com *.googleapis.com *.googleusercontent.com *.googlesyndication.com *.facebook.net data: *.reviews.io *.braintreegateway.com *.kaptcha.com *.paypalobjects.com *.braintree-api.com *.geoplugin.net *.tagserve.com *.klarnaevt.com *.klarnacdn.net *.klarna.com www.googletagmanager.com googletagmanager.com tagmanager.google.com *.bugherd.com *.zenaps.com *.hotjar.com *.arcot.com *.pinterest.com *.pinimg.com *.sleeknote.com *.trackjs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ flagpedia.net store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.co.uk *.stagescycling.com *.acsbapp.com acsbapp.com *.accessibe.com *.bluesnap.com *.cloudflare.com *.google.co.uk google.com *.googleusercontent.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.ytimg.com *.paypalobjects.com blob: *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.online-metrix.net *.payments-amazon.com *.reviews.io *.geoplugin.net *.tagserve.com *.klarnaevt.com *.klarnacdn.net *.klarna.com googletagmanager.com tagmanager.google.com *.sleeknote.com *.bing.com *.awin.com *.awin1.com *.dwin1.com *.magentocommerce.com *.zenaps.com *.trackjs.com *.hotjar.com *.arcot.com *.pinterest.com *.pinimg.com maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com *.mention-me.com maps.googleapis.com *.cardinalcommerce.com h.online-metrix.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.reviews.io *.reviews.co.uk *.stagescycling.com *.avmws.com *.cloudflare.com *.cloudflareinsights.com *.clarity.ms *.google.co.uk google.com 'unsafe-eval' *.googleadservices.com *.googlesyndication.com *.googletagservices.com googletagmanager.com tagmanager.google.com *.trackedlink.net *.trackedweb.net *.bluesnap.com *.braintree-api.com *.braintreegateway.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klaviyo.com *.paypalobjects.com data: *.pcapredict.com *.postaffiliatepro.com *.postcodeanywhere.co.uk *.pinterest.com *.pinimg.com *.segment.com *.sleeknote.com *.trackjs.com *.xtento.com *.sciencebehindecommerce.com *.dwin1.com *.awin1.com *.zenaps.com *.acsbapp.com acsbapp.com *.accessibe.com *.termly.io ajax.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline *.cloudfront.net *.reviews.co.uk *.stagescycling.com *.affirm.com *.cloudflare.com *.google.co.uk *.google.com google.com *.googleusercontent.com *.googlesyndication.com *.facebook.net data: 'unsafe-inline' *.icomoon.io *.paypal.com *.reviews.io *.braintree-api.com *.braintreegateway.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klaviyo.com *.pinterest.com *.pinimg.com www.googletagmanager.com googletagmanager.com tagmanager.google.com *.sleeknote.com *.sciencebehindecommerce.com *.dwin1.com *.awin1.com *.zenaps.com *.acsbapp.com acsbapp.com *.accessibe.com 'self' 'unsafe-inline'; object-src *.stagescycling.com *.cloudflare.com *.google.co.uk *.google.com google.com *.gstatic.com *.googleapis.com *.googleusercontent.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.arcot.com *.pinterest.com *.pinimg.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mention-me.com www.gstatic.com maps.googleapis.com *.cardinalcommerce.com h.online-metrix.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stagescycling.com *.acsbapp.com acsbapp.com *.accessibe.com *.bing.com *.bluesnap.com *.bugherd.com *.bugsnag.com *.clarity.ms *.cloudflare.com data: *.google.co.uk google.com *.gstatic.com *.googleusercontent.com *.googlesyndication.com googletagmanager.com tagmanager.google.com about: *.doubleclick.net *.braintreegateway.com *.klaviyo.com *.postaffiliatepro.com *.pusherapp.com api.segment.io *.segment.com *.segment.io *.sleeknote.com *.trackjs.com *.rollbar.com *.sciencebehindecommerce.com *.dwin1.com *.awin1.com *.zenaps.com *.googleadservices.com *.pinterest.com *.pinimg.com *.termly.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.stagescycling.com *.cloudflare.com *.youtube.com *.google.co.uk *.google.com google.com *.gstatic.com *.googleapis.com *.googleusercontent.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com googletagmanager.com tagmanager.google.com data: blob: *.arcot.com *.pinterest.com *.pinimg.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://stagescycling.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://content.cylindo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://viewer-cdn.cylindo.com/v1/bar.mjs https://viewer-cdn.cylindo.com/v1/index.mjs js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://content.cylindo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com *.gstatic.com www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consentcdn.cookiebot.com www.google-analytics.com imgsct.cookiebot.com cdnjs.cloudflare.com consent.cookiebot.com vod.overendstudio.co.za www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-SsoEN0YClDr6wltsOxD2' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com downloads.mailchimp.com https://fonts.googleapis.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-QcpT1xnh2_B_jDhDOp5nfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-MV7ZA7alZsjc0xibRL_fZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; 	style-src 'self' 'unsafe-inline' 	https://content.quantcount.com https://code.jquery.com https://cdn.datatables.net https://fonts.googleapis.com https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.cloudflare.com https://www.gstatic.com https://trello.com; 	script-src 'self' 'unsafe-inline' 'unsafe-eval' 	https://assets.adobedtm.com https://fordeu.d3.sc.omtrdc.net https://*.ampproject.org https://*.adnxs-simple.com https://*.comcar.co.uk https://*.adnxs.com https://*.googlesyndication.com https://*.googletagservices.com https://adservice.google.co.uk https://adservice.google.com https://cdn.jsdelivr.net https://use.typekit.net https://*.quantcount.com https://*.quantserve.com https://*.consensu.org https://datacygnal.io https://*.doubleclick.net https://*.googletagmanager.com https://*.opel.com https://*.vauxhall.co.uk https://*.googleadservices.com https://*.bing.com https://netmng.com https://*.hotjar.com https://*.cloudfront.net https://*.netmng.com https://cbvc.agilecrm.com https://*.cloudflare.com https://*.google-analytics.com https://*.amazonaws.com https://cdn.datatables.net https://use.fontawesome.com https://www.google.com https://stackpath.bootstrapcdn.com unpkg.com https://browser.sentry-cdn.com https://www.google.com/jsapi https://www.gstatic.com https://code.jquery.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://trello.com; 	font-src 'self' data: 		https://use.typekit.net https://cdn.jsdelivr.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://secure.carmendata.co.uk https://fonts.googleapis.com; 	img-src 'self' data: 	https://p.typekit.net https://*.google-analytics.com https://*.quantcount.com https://*.quantserve.com https://*.googlesyndication.com https://*.pubmatic.com https://*.google.com https://*.google.co.uk https://*.omtrdc.net https://*.bing.com https://*.adnxs.com https://*.doubleclick.net https://ssl.caranddriving.com https://secura.cloud https://s3-eu-west-1.amazonaws.com https://*.googleapis.com https://res.cloudinary.com; 	frame-ancestors 'self' https://kia.com https://www.kia.com https://www.seat.co.uk https://www.cupraofficial.co.uk https://www.ethosfinance.co.uk https://www.skoda.co.uk https://daysfleet.com https://www.mg.co.uk https://www.sgfleet.com https://www.fleetalliance.co.uk https://www.vanarama.com https://www.fleetnews.co.uk https://www.businesscar.co.uk https://www.whatvan.co.uk https://www.wessexfleet.co.uk; 	frame-src 'self' 		https://*.pubmatic.com https://*.comcar.co.uk  https://*.adnxs.com https://*.googlesyndication.com https://*.hotjar.com https://*.doubleclick.net https://ssl.caranddriving.com https://www.google.com; 	connect-src 'self' 		https://*.googlesyndication.com https://*.amazonaws.com wss://*.hotjar.com https://*.consensu.org https://*.doubleclick.net https://*.pubmatic.com https://*.teads.tv https://*.adnxs.com https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.googleapis.com  https://*.comcar.co.uk https://*.sentry.io https://sentry.io; 	 1
object-src 'none';base-uri 'self';script-src 'nonce-FKD2FvC9tj8exry95P6xqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:;script-src https: 'strict-dynamic' 'nonce-1dda4473eaeb42281275a6628bcd2361ef480e07b4370ebace17e95274185fe3' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors https://my.firespring.com;base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log?n=1 1
font-src *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.klarna.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net *.klarnaservices.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.maxmind.com *.cloudflare.com *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com b.clarity.ms *.mmapiws.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: *.gstatic.com *.bootstrapcdn.com *.zopim.com https://widgets.trustedshops.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net player.vimeo.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.googletagmanager.com/ *.vimeo.com *.hotjar.com *.google.com *.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: *.vimeocdn.com s.ytimg.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ flagpedia.net *.koongo.com *.retailrocket.net *.google.com *.google.nl *.bing.com *.facebook.com *.trustedshops.com *.facebook.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.google.fr *.google.ie 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.retailrocket.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com *.gstatic.com maps.googleapis.com *.cloudflare.com chimpstatic.com *.google.com *.trustedshops.com *.google-analytics.com *.googleadservices.com browser-update.org *.bing.com *.facebook.com *.doubleclick.net *.hotjar.com *.facebook.net *.zopim.com *.newrelic.com *.nr-data.net *.zdassets.com *.googletagmanager.com *.cookiebot.com *.clarity.ms https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.google.fr *.google.ie googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.sooqr.com *.spotlersearch.com maxcdn.bootstrapcdn.com *.gstatic.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css *.retailrocket.net *.bootstrapcdn.com *.googleapis.com *.cloudflare.com *.googletagmanager.com *.cookiebot.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.algolia.net *.algolia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.retailrocket.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.gstatic.com maps.googleapis.com *.koongo.com *.doubleclick.net *.hotjar.io *.hotjar.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.nr-data.net *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-dbf771ef9547b8be782e910e3aacee24447bcbd9' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1
default-src 'self' ; script-src * ; img-src 'self' secure.gravatar.com www.gravatar.com i.ytimg.com; object-src 'none' ; frame-src 'self' www.youtube.com; child-src 'self' www.youtube.com; report-uri https://www.eukles.com?gdsih-csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce--porAzLir5XI0MuL0Qax2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://www.hollowaysofludlow.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com https://www.hollowaysofludlow.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com accounts.google.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://www.hollowaysofludlow.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.hollowaysofludlow.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com accounts.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.hollowaysofludlow.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com accounts.google.com cc-cdn.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com https://www.hollowaysofludlow.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com accounts.google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://www.hollowaysofludlow.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.sirv.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com www.facebook.com *.hotjar.com *.addthis.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.sirv.com www.xtento.com cdn.xtento.com *.googleapis.com *.gstatic.com *.tawk.to cdn.jsdelivr.net *.laybuy.com www.facebook.com www.google.com.ua www.google.pl *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sirv.com player.vimeo.com www.xtento.com cdn.xtento.com secure.authorize.net test.authorize.net www.gstatic.com/recaptcha www.google.com/recaptcha api.addressfinder.io *.googleapis.com *.tawk.to cdn.jsdelivr.net www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.facebook.net *.laybuy.com *.hotjar.com bam.eu01.nr-data.net *.moatads.com *.addthisedge.com *.addthis.com *.osano.com cdn.pricespider.com locate.pricespider.com *.pricespider.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.sirv.com cdn.pricespider.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.sirv.com stergita.sirv.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.sirv.com *.facebook.net *.algolianet.com ekr.zdassets.com *.googleapis.com *.tawk.to bam.nr-data.net *.laybuy.com *.cloudfront.net stats.g.doubleclick.net t.labs.au.edge.zip.co in.hotjar.com bam.eu01.nr-data.net *.osano.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src www.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com https://stellar-live.inside-graph.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://stellar-cdn.inside-graph.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com unsafe-inline https://stellar-cdn.inside-graph.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://stellar-live.inside-graph.com wss://stellar-live.inside-graph.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-TxghpI2w8v1dopYStHiGLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://square-fonts-production-f.squarecdn.com/ https://d1g145x70srn7h.cloudfront.net/ fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://pci-connect.squareup.com https://connect.squareup.com https://pci-connect.squareupsandbox.com https://connect.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.gstatic.com/ https://sandbox.api.cash.app/ https://site-assets.afterpay.com/ https://sandbox.web.squarecdn.com/ https://api.cash.app/ https://web.squarecdn.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://js.squareup.com https://js.afterpay.com/ https://nd.squarecdn.com https://js.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://portal.sandbox.afterpay.com/ https://portal.afterpay.com/ https://cdn.plaid.com/ https://sandbox.kit.cash.app/ https://kit.cash.app/ *.cloudflare.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com unsafe-inline https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://fonts.googleapis.com/ fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://pci-connect.squareup.com https://pci-connect.squareupsandbox.com https://api.amplitude.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://o160250.ingest.sentry.io/ https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: www.gstatic.com 'nonce-/2mT4WQDcnkBW5RZRE84qQ=='; style-src 'self' https:; report-uri https://craftcourses.report-uri.com/r/d/csp/enforce 1
default-src data: https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; img-src data: *; script-src 'unsafe-inline' 'unsafe-hashes' *; style-src 'unsafe-inline' 'unsafe-hashes' *; connect-src *; child-src *; font-src *; report-uri /_csp; report-to default 1
* 1
default-src 'self' duncker-humblot.de www.duncker-humblot.de captcha.wirth-horn.de cookiemanager.wirth-horn.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com *.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1
object-src 'none';base-uri 'self';script-src 'nonce-Y-Zef2g-IYQktE6KFPrZTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5aiPv2tWlC0_bP0qLwZo_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.typekit.net *.gstatic.com *.gorgias.chat *.fontawesome.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.typekit.net services.postcodeanywhere.co.uk *.aerin.com www.aerin.com foursixty.com scontent.cdninstagram.com bam.nr-data.net google.co.in www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net *.facebook.com *.bing.com *.google.co.in *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.typekit.net *.newrelic.com *.nr-data.net secure-a.vimeocdn.com *.paypal.com foursixty.com *.aftership.com *.pcapredict.com services.postcodeanywhere.co.uk *.gorgias.chat polyfill.io *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com *.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com *.hotjar.com acsbapp.com *.facebook.net *.attn.tv *.bing.com *.google.co.in *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.typekit.net foursixty.com services.postcodeanywhere.co.uk *.googleapis.com *.gorgias.chat *.fontawesome.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nr-data.net *.braintree-api.com *.paypal.com *.signifyd.com foursixty.com *.aftership.com services.postcodeanywhere.co.uk metrics.foursixty.com *.gorgias.chat stats.g.doubleclick.net *.amplitude.com thm.visa.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com https://imgs.signifyd.com *.hotjar.com *.hotjar.io *.acsbapp.com *.attentivemobile.com *.attn.tv wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.gorgias.chat 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com api-maps.yandex.ru; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: www.google-analytics.com *.googleapis.com *.gstatic.com api-maps.yandex.ru *.maps.yandex.net; font-src 'self' data: fonts.gstatic.com; connect-src 'self' www.google-analytics.com; media-src 'self'; object-src 'self' www.youtube.com; frame-src 'self' www.youtube.com api-maps.yandex.ru; frame-ancestors 'self'; worker-src 'self'; block-all-mixed-content; manifest-src 'self' 'self'; report-uri https://vzotch.report-uri.com/r/d/csp/reportOnly 1
font-src *.cdn.hardwareandtools.net fonts.gstatic.com static.klaviyo.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: cdn.stamped.io cdn1.stamped.io stamped.io data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net *.webeyez.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.google.com/ www.googletagmanager.com https://plumrocket.com https://accounts.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.sharethis.com d3k81ch9hvuctc.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.cdn.hardwareandtools.net *.doubleclick.net *.gstatic.com *.videoly.co bat.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.magezon.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.hsforms.net *.hsforms.com 'self' data: cdn.stamped.io cdn1.stamped.io stamped.io seal-dc-easternpa.bbb.org www.shopperapproved.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cdn.hardwareandtools.net *.doubleclick.net *.gstatic.com *.videoly.co *.webeyez.com bam.nr-data.net bat.bing.com c.bing.com player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.shopperapproved.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.google.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://accounts.google.com https://www.gstatic.com *.hsforms.net *.hsforms.com cdn.stamped.io cdn1.stamped.io stamped.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sharethis.com *.cdn.hardwareandtools.net *.googleapis.com https://static.klaviyo.com www.shopperapproved.com unsafe-inline assets.braintreegateway.com static-tracking.klaviyo.com maxcdn.bootstrapcdn.com https://accounts.google.com https://www.gstatic.com *.gstatic.com cdn.stamped.io cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn.stamped.io cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cdn.hardwareandtools.net *.doubleclick.net *.googleapis.com *.gstatic.com *.videoly.co *.webeyez.com bam.nr-data.net bat.bing.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://accounts.google.com t.elasticsuite.io *.hsforms.net *.hsforms.com cdn.stamped.io cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri  https://30ae6134-06ca-4750-808b-512538fb384e.sansec.watch; report-to report-endpoint; 1
img-src https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogicstream.s3.amazonaws.com/BETAGAMMASIGMA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlqui-2024-05-08.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/hlq-2024-05-08.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.licdn.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com about:; style-src 'self' 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com; report-uri https://irfu.report-uri.io/r/default/csp/reportOnly; 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com oppwa.com *.oppwa.com data:text *.google.com *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'unsafe-inline' data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.oppwa.com oppwa.com worldtimeapi.org *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googleadservices.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'nonce-jc/UFduq9pd75s+znm0IQzHbdxU=' 'strict-dynamic'; report-uri https://sqro.net/report/csp 1
img-src 'self' data: https://secure.gravatar.com  https://egnatia-demo.eu  https://imgsct.cookiebot.com  https://www.egnatia.eu  https://ssl.google-analytics.com  https://www.googletagmanager.com  https://fonts.gstatic.com  https://translate.google.com  https://region1.google-analytics.com  https://s.w.org  https://mc.yandex.ru  https://uploads-ssl.webflow.com  https://www.google.gr  https://www.google-analytics.com  blob:  https://egnatia.eu  https://pos.baidu.com  https://yastatic.net  https://cdn.honey.io  https://patriciaportfolio.googlecode.com  https://images.profileengine.com  http://cdn.css-tricks.com  http://www.stackoverflow.com  https://www.google.rs  https://www.google.ba  https://www.stackoverflow.com  file  https://www.google.com.ua  ; default-src 'self'; script-src 'self' 'unsafe-inline' data:  https://www.googletagmanager.com  https://consent.cookiebot.com  https://ssl.google-analytics.com  https://consentcdn.cookiebot.com  https://www.google.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://clients1.google.com  https://connect.facebook.net  https://me.kis.v2.scr.kaspersky-labs.com  https://gc.kes.v2.scr.kaspersky-labs.com  https://www.pagespeed-mod.com  https://mstat.acestream.net  https://www.google-analytics.com  https://translate.google.com  https://kellyfight.com  https://www.egnatia.eu  https://www.gstatic.com  https://egnatia.eu  https://y15r4.ez05w7r.com  https://awaybird.ru  https://s3.amazonaws.com  https://mainf.global-cache.online  https://translate.googleapis.com  https://conoret.com  https://www.microsofttranslator.com  https://translate.yandex.net  https://exmkleo.com  blob:  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com  https://consent.cookiebot.com  https://ssl.google-analytics.com  https://consentcdn.cookiebot.com  https://www.google.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://clients1.google.com  https://connect.facebook.net  https://me.kis.v2.scr.kaspersky-labs.com  https://gc.kes.v2.scr.kaspersky-labs.com  https://www.pagespeed-mod.com  https://mstat.acestream.net  https://www.google-analytics.com  https://translate.google.com  https://kellyfight.com  https://www.egnatia.eu  https://www.gstatic.com  https://egnatia.eu  https://y15r4.ez05w7r.com  https://awaybird.ru  https://s3.amazonaws.com  https://mainf.global-cache.online  https://translate.googleapis.com  https://conoret.com  https://www.microsofttranslator.com  https://translate.yandex.net  https://exmkleo.com  blob: ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://www.gstatic.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://adblockers.opera-mini.net  https://egnatia.eu  https://me.kis.v2.scr.kaspersky-labs.com  data:  https://cdn.honey.io  https://www.egnatia.eu ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://www.gstatic.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://adblockers.opera-mini.net  https://egnatia.eu  https://me.kis.v2.scr.kaspersky-labs.com  data:  https://cdn.honey.io  https://www.egnatia.eu ; object-src 'self' https://noop.style  https://div.show;  connect-src 'self' https://region1.google-analytics.com  https://consentcdn.cookiebot.com  https://ssl.google-analytics.com  https://www.google-analytics.com  https://infragrid.v.network  https://translate-pa.googleapis.com  https://translate.googleapis.com  https://gjtrack.ucweb.com  https://adtonus.com  https://code.jquery.com  https://rktds.net  https://rbtds.net  https://region1.analytics.google.com  https://metrics-dre.dt.dbankcloud.cn  https://plugin.ucads.ucweb.com  https://stats.g.doubleclick.net  https://www.google.gr  https://api.ciuvo.com  https://egnatia-demo.eu  https://www.egnatia.eu  https://cdnml.global-cache.online  https://tl.ytlogs.ru  https://service5.gstatic-cache.com  https://api.trongrid.io  https://cdnmi.global-cache.online  https://consent.cookiebot.com  https://meetlookup.com  https://api.amcreativemedia.com  https://api.gray-analytics.com  https://overbridgenet.com  https://www.googletagmanager.com  data:  https://analytics.google.com  https://www.google.rs  https://www.google.ba  https://www.google.com.ua;  frame-src 'self' https://egnatiaodos.maps.arcgis.com  https://consentcdn.cookiebot.com  https://www.google.com  https://geoportal.egnatia.gr  https://geoportalnew.egnatia.gr  https://www.google.ie  https://fouit.gr  https://goto.arcgis.com  https://www.ciuvo.com  https://remove.video  https://m.youtube.com  https://div.show  https://skytraf.xyz  https://www.googletagmanager.com  https://noop.style  https://egnatia-demo.eu  https://www.youtube.com  https://212.205.37.2  https://safe-cws-sase.vmware.com;  font-src 'self' https://www.egnatia.eu  https://fonts.gstatic.com  data:  https://static3.avast.com  chrome-extension  moz-extension  https://cdn.scite.ai  https://egnatia.eu  https://cdn.megabonus.com  https://static.preply.com  https://www.slant.co;  media-src 'self' data:;  worker-src 'self' blob:;  report-uri https://egnatia.eu/wp-json/rsssl/v1/csp?rsssl_apitoken=521125587; 1
object-src 'none';base-uri 'self';script-src 'nonce-nOdP6hn01mKvEJPtXcZBvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.tawk.to fonts.gstatic.com *.jotfor.ms data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com/tr/ *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.facebook.com/ https://*.hotjar.com/ js.mollie.com *.tawk.to *.weltpixel.com *.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.google.com https://*.google.be https://*.facebook.com/ https://www.facebook.com/tr/ https://*.doubleclick.net *.google.com *.google-analytics.com *.analytics.google.com https://www.mollie.com *.tawk.to cdn.jsdelivr.net *.gstatic.com *.ytimg.com *.jotform.com *.jotfor.ms data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://devdocs.magento.com https://magento.com https://*.google.com https://*.google.be https://*.g.doubleclick.net/ http://*.googletagmanager.com/ https://www.facebook.com/ https://connect.facebook.net/ https://tawk.to *.google.com *.google-analytics.com *.analytics.google.com *.avada.io js.mollie.com *.tawk.to cdn.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com https://cookiehub.net *.hotjar.com *.youtube-nocookie.com *.jotform.com *.jotfor.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.tawk.to *.cookiehub.net *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com cdn.jsdelivr.net tagmanager.google.com https://cookiehub.net *.jotfor.ms 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://devdocs.magento.com https://*.google.com https://tawk.to https://*.g.doubleclick.net/ https://*.hotjar.com/ *.google.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net https://get.geojs.io *.avada.io *.tawk.to wss://*.tawk.to https://www.google-analytics.com https://noembed.com https://submit.jotformeu.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de s7.addthis.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ekr.zdassets.com/ https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-r2yNfNmKP0tKxwJlrI6vvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 5765386.fs1.hubspotusercontent-na1.net;   script-src 'self' 'unsafe-inline' *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.google.com *.hunters.security.com *.googleapis.com *.twitter.com *.facebook.net *.linkedin.com *.hotjar.com unpkg.com *.cloudflare.com *.fontawesome.com *.zoominfo.com googletagmanager.com *.licdn.com googleads.g.doubleclick.net 5765386.fs1.hubspotusercontent-na1.net googletagmanager.com webthemez.com j.6sc.co google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/analytics.js js.chilipiper.com *.cookiebot.com 'unsafe-eval';connect-src 'self' *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hunters.security.com hunters.security localhost:1442 5765386.fs1.hubspotusercontent-na1.net wss://ws.hotjar.com content.hotjar.io px.ads.linkedin.com vc.hotjar.io content.hotjar.io ws.zoominfo.com google-analytics.com c.6sc.co ipv6.6sc.co webthemez.com analytics.google.com *.google.com stats.g.doubleclick.net j.6sc.co google-analytics.com *.google.com analytics.google.com stats.g.doubleclick.net https://www.google-analytics.com metrics.hotjar.io http://localhost:1442/ www.comeet.co *.cookiebot.com; frame-src *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com *.hunters.security.com  *.google.com *.twitter.com *.facebook.com *.doubleclick.net metrics.hotjar.io demostack.app googletagmanager.com webthemez.com *.youtube.com *.zoominfo.com app.hubspot.com *.chilipiper.com *.cookiebot.com; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: 1
object-src 'none';base-uri 'self';script-src 'nonce-MlnjGdbOOWc5lRJP27xQ2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-lnihNvoSO9Gz9mKabrqVYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' statistiek.rijksoverheid.nl; script-src 'self' 'sha256-3Pejfkj6T0q3nIFwdhJVA0ST+KnF2yIhYlZO1qmTNPU=' statistiek.rijksoverheid.nl 'report-sample' 'sha256-IbtDa5/kbW2Hbn7qGi1538ERW/JuXrjCjK6zuL7QDfE=' 'sha256-/JNc+BuklzUXPWbtNKf7geALzzw4NbuLvyFYGJIRnXc=' 'sha256-CaN42Zi+a+oATitdYvGRVlyS6mCZIxrLFXhTbgp6HCI='; object-src 'self'; style-src 'self' 'sha256-2haq8oHxQM6XYJ1EnNAO37NNVFrJGhmY1jn8sa3S0AU=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-mCFjSEfVbMV655L708fbXky77erDrJ8sYVyx+V9Igjg=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs='  'sha256-1VTAHS0X+0lgrfu7iW/2ikIZ/VIANi00phY6Pqavxdg=' 'sha256-p6HyQ9qqQIVvilUDUG0LZmJsmqaueCFxNRdnqp+CQu0=' 'sha256-p3iFO5bVyUOAUUESOH4bv8z4dxbPZZXWh/MQHoshxww='; img-src 'self' statistiek.rijksoverheid.nl *.rovid.nl data:; media-src 'self' rovid.nl *.rovid.nl; frame-src 'self' ; font-src 'self'; report-uri https://sentry.dtnr.nl/api/44/security/?sentry_key=7a6c58c960be4975936f128606931c16&sentry_environment=production 1
object-src 'none';base-uri 'self';script-src 'nonce-kgTvgse0lfSGU9S3tNW4tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com www.milkandblush.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.milkandblush.com 'self' 'unsafe-inline'; frame-ancestors www.milkandblush.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.klarna.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.milkandblush.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ validate.fishpig.co.uk *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.milkandblush.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnacdn.net *.klarnaservices.com landofcoder.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.milkandblush.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com https://static.klaviyo.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com www.milkandblush.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.milkandblush.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com landofcoder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.milkandblush.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.milkandblush.com http: https: blob: 'self' 'unsafe-inline'; default-src www.milkandblush.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'none' 'report-sample'; style-src 'unsafe-inline' 'report-sample'; connect-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp.threatview.app/report 1
font-src *.googleapis.com https://www.gstatic.com *.fontawesome.com *.cleverreach.com *.ekomiapps.de https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.cleverreach.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.cleverreach.com *.weltpixel.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com https://*.gstatic.com *.cloudfront.net *.fbcdn.net *.google.de *.google.com *.facebook.com *.cdninstagram.com *.instagram.com *.crl.eu *.smartsuppcdn.com *.ytimg.com *.ekomiapps.de https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com https://www.magezon.com https://www.mollie.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://*.gstatic.com *.google.com *.gstatic.com *.instagram.com *.facebook.com *.facebook.net *.googletagmanager.com cdnjs.cloudflare.com paypalobjects.com *.smartsuppchat.com *.smartsuppcdn.com *.qualtrics.com *.adform.net *.google-analytics.com *.ekomiapps.de smart-widget-assets.ekomiapps.de https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io js.mollie.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.google.com *.gstatic.com *.smartsuppcdn.com *.fontawesome.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.smartsuppcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.gstatic.com *.smartsuppcdn.com *.smartsupp.com *.smartsuppchat.com *.google-analytics.com *.doubleclick.net *.qualtrics.com *.adform.net wss://websocket-visitors.smartsupp.com *.ekomiapps.de https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://*.gstatic.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.foursixty.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.gstatic.com *.cloudfront.net *.bglobale.com *.global-e.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdn.nibble.website https://fonts.googleapis.com https://fonts.gstatic.com/ chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com widget.reviews.co.uk *.reviews.io *.reviews.co.uk https://widgets.trustedshops.com *.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com widget.reviews.co.uk https://plumrocket.com *.reviews.io *.reviews.co.uk *.dmtrk.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.paypalobjects.com *.freshchat.com *.yieldify.com *.reviews.co.uk *.agechecked.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.bglobale.com *.global-e.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com widget.reviews.co.uk https://plumrocket.com *.reviews.io pay.google.com *.doubleclick.net *.pinterest.com *.apple.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.advertising.com *.outbrain.com *.google.com *.taboola.com *.bing.com *.ad-stir.com *.smartclip.net *.yieldify.com *.postcodeanywhere.co.uk *.bglobale.com *.global-e.com flagpedia.net https://cdn.nibble.website chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com grwapi.net widget.reviews.co.uk secure.adnxs.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.sweetanalytics.com pay.google.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.linkedin.com *.sleeknote.com *.stackadapt.com *.apple.com *.roeye.com storage.googleapis.com platform-cdn.sharethis.com widget-cdn.prod.nibble.website *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com agechecked.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.webgains.io *.newrelic.com *.foursixty.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.google.com *.gstatic.com *.paypal.com *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net paypal-eu-cdn.cloudiq.com *.salesfire.co.uk *.googletagmanager.com *.esearchvision.com *.pcapredict.com *.reviews.co.uk *.freshchat.com *.postcodeanywhere.co.uk *.prettifyjs.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com s7.addthis.com https://cdn.nibble.website chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com widget.reviews.co.uk widget-cdn.prod.nibble.website s.pinimg.com snap.licdn.com sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com td.yieldify.com bat.bing.com tags.srv.stackadapt.com track.sweetanalytics.com ct.pinterest.com px.ads.linkedin.com *.analytics.google.com cdn.jsdelivr.net *.reviews.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com grwapi.net *.apple.com *.cdn-apple.com storage.googleapis.com platform-api.sharethis.com buttons-config.sharethis.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ *.agechecked.com *.googleapis.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.freshchat.com *.reviews.co.uk *.cloudfront.net *.postcodeanywhere.co.uk *.prettifyjs.net *.gerber-store.co.uk cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdn.nibble.website https://fonts.googleapis.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com tags.srv.stackadapt.com grwapi.net widget.reviews.co.uk data: *.reviews.io https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.nibble.website 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.agechecked.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.loyaltylion.com *.criteo.com *.criteo.net *.smartmetrics.co.uk *.socital.com *.doubleclick.net *.reviews.co.uk *.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com ekr.zdassets.com/ www.gstatic.com https://cdn.nibble.website https://dev.api.nibble.website https://api.nibble.website chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com cdn.jsdelivr.net s.pinimg.com snap.licdn.com sleeknotecustomerscripts.sleeknote.com td.yieldify.com bat.bing.com tags.srv.stackadapt.com track.sweetanalytics.com ct.pinterest.com px.ads.linkedin.com *.analytics.google.com widget.reviews.co.uk grwapi.net/ *.cloudfront.net *.reviews.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.google.com google.com *.apple.com storage.googleapis.com l.sharethis.com ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com widget.reviews.co.uk *.apple.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' taylorhawkes.com; 1
font-src *.fontawesome.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.frogbikes.com *.usercentrics.eu www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.frogbikes.com *.usercentrics.eu www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.usercentrics.eu *.jquery.com *.frogbikes.com *.newrelic.com *.lr-in-prod.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cc-cdn.com *.fontawesome.com unsafe-inline *.frogbikes.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com bam.nr-data.net *.usercentrics.eu *.google-analytics.com *.lr-in-prod.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.binotel.com *.binotel.ua www.googleservices.com *.google.com *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com www.googletagmanager.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.binotel.com *.binotel.ua 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net www.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com quickchart.io img.youtube.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com *.binotel.com *.binotel.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com cdn.jsdelivr.net connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com static.addtoany.com *.binotel.com *.binotel.ua *.jsdelivr.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net fonts.gstatic.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.binotel.com *.binotel.ua www.googleservices.com *.google.com *.gstatic.com *.googleapis.com *.jsdelivr.net 'self' 'unsafe-inline'; object-src *.binotel.com *.binotel.ua 'self' 'unsafe-inline'; media-src *.adobe.com *.binotel.com *.binotel.ua 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.sandbox.paypal.com https://www.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com maps.googleapis.com *.binotel.com *.binotel.ua wss://wschat1.binotel.com:9021 wss://wschat1.binotel.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com http://fonts.googleapis.com https://www.googletagmanager.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com/ https://player.vimeo.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://fonts.googleapis.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://www.googleadservices.com https://www.googleadservices.com http://connect.facebook.net https://connect.facebook.net http://platform.twitter.com https://platform.twitter.com http://static.ads-twitter.com https://static.ads-twitter.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://analytics.twitter.com https://analytics.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://cloud.typography.com/ https://cloud.typography.com/ http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://www.robinskaplan.com/; media-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' data: http://cloud.typography.com https://cloud.typography.com https://www.robinskaplan.com; frame-src 'self' http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://www.google.com http://analytics.clickdimensions.com https://analytics.clickdimensions.com http://bid.g.doubleclick.net/ https://bid.g.doubleclick.net/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' consentcdn.cookiebot.com connect.facebook.net script.hotjar.com sgtm.spotlermultisite.kinsta.cloud static.hotjar.com static.addtoany.com kit.fontawesome.com *.gatorleads.co.uk squeezely.tech snap.licdn.com bat.bing.com js.usemessages.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.hs-scripts.com consent.cookiebot.com www.clarity.ms webchat.eazy.im unpkg.com region1.google-analytics.com *.clarity.ms *.cookiebot.eu *.cookiebot.com guru.communigator.co.uk widget.trustpilot.com static.ads-twitter.com www.buzzsprout.com www.youtube.com *.spotler.co.uk *.tawk.to static.oktopost.com t.wowanalytics.co.uk www.clickcease.com okt.to www.gstatic.com cdn.jsdelivr.net *.mailplus.nl *.calendly.com *.google.com google.com cdn.leadinfo.net *.spotlerleads.nl spotlerscript.com *.recruiteecdn.com *.cloudflare.com *.calconic.com *.cloudfront.net platform.instagram.com www.instagram.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: assets.calendly.com www.gstatic.com me.kis.v2.scr.kaspersky-labs.com *.tawk.to *.calendly.com webchat.eazy.im *.vimeocdn.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: forms.hsforms.com sgtm.spotlermultisite.kinsta.cloud *.usercentrics.eu t.squeezely.tech www.facebook.com bat.bing.com px.ads.linkedin.com imgsct.cookiebot.com googleads.g.doubleclick.net www.google.com.sg *.clarity.ms www.google.nl *.spotler.co.uk *.spotler.com *.spotlermultisite.kinsta.cloud t.co analytics.twitter.com *.tawk.to *.calendly.com signon.communigator.co.uk *.bing.com secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' js.hs-banner.com api.hubspot.com forms.hscollectedforms.net consentcdn.cookiebot.com *.fontawesome.com sgtm.spotlermultisite.kinsta.cloud content.hotjar.io wss://ws.hotjar.com bat.bing.com px.ads.linkedin.com *.google.com vc.hotjar.io consentcdn.cookiebot.eu *.clarity.ms region1.google-analytics.com webchat.eazy.im www.googleadservices.com *.tawk.to google.com google.co.uk google.nl www.google.co.uk www.google.nl www.facebook.com *.calendly.com *.smooch.io *.leadinfo.net *.leadinfo.com *.communigator.co.uk wss://*.tawk.to *.calconic.com *.recruitee.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: ka-f.fontawesome.com *.tawk.to webchat.eazy.im data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' static.addtoany.com consentcdn.cookiebot.com consentcdn.cookiebot.eu td.doubleclick.net www.spotlerpages.com www.youtube-nocookie.com www.buzzsprout.com 8935560.fls.doubleclick.net cgt.bz *.calendly.com calendly.com *.communigator.co.uk google.com *.google.com www.google.com *.tawk.to www.instagram.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; base-uri 'self' ; form-action 'self' ; frame-ancestors 'self' *.communigator.co.uk communigator.co.uk; block-all-mixed-content; report-uri https://spotlermultisite.kinsta.cloud/?gdsih-csp-report; 1
base-uri 'self'; child-src blob:; connect-src 'self' * blob:; default-src 'none'; font-src 'self' * data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://js.stripe.com https://privacy-central.securiti.ai; img-src 'self' * about: blob: data:; media-src * blob: data:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub76ded8377f7502c3dcedbac113428770&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:brownsugar-prod; script-src 'self' 'unsafe-eval' 'unsafe-inline' * data:; style-src 'self' 'unsafe-inline' * data:; worker-src 'self' blob: 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.googleapis.com data: maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com store.paradoxlabs.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.authorize.net maps.googleapis.com cdn.ampproject.org www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com downloads.mailchimp.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com static.klaviyo.com *.typekit.net https://cdnjs.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com www.google.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com www.facebook.com *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.originalstyle.com *.google.lk *.clarity.ms *.bing.com *.cloudfront.net *.sawblade.org.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com connect.facebook.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ chart.googleapis.com *.googletagmanager.com *.facebook.net *.avada.io maps.google.com cdn.jsdelivr.net *.clarity.ms *.bing.com *.pinimg.com *.pinterest.com *.cloudflareinsights.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net static-tracking.klaviyo.com *.typekit.net https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com chart.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io *.clarity.ms *.pinterest.com *.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Nqo-tgeItPhe_BQ1Ig5d_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-22sGIJk2KdX5SOAnp6tvFw=='; report-uri https://send.hsbrowserreports.com/csp/report; 1
font-src https://*.gstatic.com *.fontawesome.com https://fonts.gstatic.com *.alothemes.com *.magepow.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com https://images.unsplash.com www.feedoptimise.com cdn.feedoptimise.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.feedoptimise.com cdn.feedoptimise.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com *.ometria.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ *.fontawesome.com https://fonts.googleapis.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com api.addressy.com *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.ometria.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a151097b-34c7-4698-ad35-1b435107f987.sansec.watch/; report-to report-endpoint; 1
default-src 'self' https: wss://nexus-websocket-a.intercom.io; font-src 'self' https: data: https://fonts.googleapis.com; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.gstatic.com cdn.segment.com cdn.mxpnl.com *.google-analytics.com www.googletagmanager.com *.nr-data.net maps.googleapis.com service.force.com https://static.cloudflareinsights.com js-agent.newrelic.com 'nonce-dde04d19ce5be022c2ee6416549cb2c6'; style-src 'self' https: 'unsafe-inline' https://cdn.jsdelivr.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com 1
font-src *.fontawesome.com *.findologic.com fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com secure.pay1.de payments.amazon.de www.jsctool.com www.youtube.com *.google.com https://www.googletagmanager.com/ *.google.com/ js.mollie.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.magezon.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net www.facebook.com widgets.trustedshops.com *.google.de *.usercentrics.eu http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com quickchart.io img.youtube.com https://www.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com maps.googleapis.com jquery.sellxed.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com www.jsctool.com widget.freshworks.com m2epro.freshdesk.com rns.matelso.de *.google.com *.clarity.ms *.findologic.com widgets.trustedshops.com googleads.g.doubleclick.net *.adform.net *.googlecommerce.com *.kk-resources.com *.usercentrics.eu *.s24.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com/ js.mollie.com connect.facebook.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com d.ratepay.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.findologic.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com payments.amazon.de d.ratepay.com www.jsctool.com widget.freshworks.com m2epro.freshdesk.com rns.matelso.de *.clarity.ms *.usercentrics.eu *.demdex.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://www.couriermail.com.au/csp-reports 1
script-src 'nonce-UP4uiLGfi4Nq2-qBV3haJg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl; base-uri 'none' 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-RCGY04lkkNxLTAgaYx8VmHLhE4xpzu8mzGhHH5N95d0='; base-uri 'self';report-to csp-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-N/IhT0EAONZZC1Lo/LaOlw=='; report-uri https://send.hsbrowserreports.com/csp/report; 1
object-src 'none';base-uri 'self';script-src 'nonce-2TU_TCzKNVCXjbhnmhn6KQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.moatads.com https://*.doubleclick.net https://*.newrelic.com https://*.nr-data.net https://*.googlevideo.com https://*.arcgis.com https://*.gov.uk https://*.facebook.com; frame-src 'self' https://*.youtube.com https://www.googletagmanager.com https://*.arcgis.com; report-uri https://snhwebsite.report-uri.com/r/d/csp/reportOnly 1
font-src *.googleapis.com *.gstatic.com data: *.cloudfront.net *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.fls.doubleclick.net www.facebook.com *.google.com consentcdn.cookiebot.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://images.unsplash.com stats.g.doubleclick.net *.doubleclick.net *.g.doubleclick.net www.facebook.com *.google.com *.google.de *.googletagmanager.com *.google-analytics.com *.googleusercontent.com bat.bing.com c.clarity.ms c.bing.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net https://img.youtube.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com connect.facebook.net *.google.com *.googletagmanager.com *.google-analytics.com www.gstatic.com bam.nr-data.net bam.eu01.nr-data.net js-agent.newrelic.com tagmanager.google.com consent.cookiebot.com consentcdn.cookiebot.com bat.bing.com www.clarity.ms secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io s7.addthis.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com d.ratepay.com d.payla.io dr.payla.io *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com stats.g.doubleclick.net bam.nr-data.net bam.eu01.nr-data.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.maps.googleapis.com *.google.com *.gstatic.com consentcdn.cookiebot.com googleads.g.doubleclick.net www.facebook.com h.clarity.ms payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com ekr.zdassets.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-OtZS7jWEIBWS3KRx7rygEQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' report-uri https://o244114.ingest.sentry.io/api/1420725/security/?sentry_key=d59dabdf03794a039923edd4ac216d88&sentry_environment=production 1
font-src *.doubleclick.net *.adobedtm.com *.adobe.com *.tawk.to *.sooqr.com *.fontawesome.com *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.cookiebot.com js.mollie.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.nl *.cookiebot.com *.spotlersearch.com https://www.mollie.com *.sooqr.com www.magmodules.eu *.squeezely.tech *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.doubleclick.net *.adobedtm.com *.tawk.to *.luckyorange.com *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com *.jsdelivr.net *.googletagmanager.com *.googleapis.com *.cookiebot.com *.addthis.com js.mollie.com squeezely.tech www.squeezely.tech *.squeezely.tech *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.tawk.to *.sooqr.com *.fontawesome.com *.tagmanager.google.com *.googleapis.com *.spotlersearch.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doubleclick.net *.adobedtm.com *.adobe.com *.googleapis.com *.tawk.to *.luckyorange.com *.sooqr.com *.google-analytics.com wss://* *.cookiebot.com squeezely.tech *.squeezely.tech https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com webserver-diez-prd.lfr.cloud www.dso.ae ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://acsbapp.com https://snap.licdn.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.cookielaw.org https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdnsecakmi.kaltura.com https://cdnapisec.kaltura.com http://cdnapi.kaltura.com https://www.google-analytics.com https://cdn.jsdelivr.net https://script.crazyegg.com https://static.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://bam.nr-data.net https://hm.baidu.com/hm.js blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://acsbapp.com https://maps.googleapis.com  https://fonts.googleapis.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://script.crazyegg.com https://static.cloudflareinsights.com https://cdnapisec.kaltura.com; frame-ancestors self; report-uri /jp-ja/report-csp-violation 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.williamashley.com www.google.com *.google-analytics.com www.googletagmanager.com connect.facebook.net *.pinimg.com *.livechatinc.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com assets.pinterest.com *.cloudmaestro.com maps.googleapis.com tpc.googlesyndication.com static.zdassets.com; report-uri /.webscale/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-0_BpVtXhz-F_VPeXQ2E7CA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://proxy.qubeshub.org wss://vncproxy.qubeshub.org wss://qubeshub.org https://qubeshub.org/api/members/tools/diskusage https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.dropbox.com https://api.scite.ai https://maps.googleapis.com https://docs.google.com https://monorail-edge.shopifysvc.com/v1/ https://simiode.myshopify.com/api/2021-07/ https://region1.google-analytics.com/g/ https://sagecell.sagemath.org wss://sagecell.sagemath.org/sockjs/; default-src 'self' https://*.qubeshub.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://use.typekit.net https://storage.googleapis.com/speechify-website-assets/fonts/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://use.fontawesome.com/releases/v4.7.0/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/webfonts/ https://at.alicdn.com/t/ https://fonts.cdnfonts.com/css/dejavu-serif https://sagecell.sagemath.org/static/ https://cdn.jsdelivr.net/npm/mathjax@3/es5/ https://fonts.cdnfonts.com/s/109/; form-action 'self' https://platform.twitter.com https://syndication.twitter.com https://www.paypal.com/donate https://www.paypal.com/cgi-bin/webscr; frame-ancestors 'self' https://qubeshub.org/; frame-src 'self' https://*.qubeshub.org https://content.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://youtube.com https://player.vimeo.com https://calendar.google.com https://www.youtube.com https://vimeo.com https://docs.google.com https://accounts.google.com https://recaptcha.net https://admin.google.com https://syndication.twitter.com https://platform.twitter.com https://app.genial.ly/ https://app.involve.me/qubes/ https://cdnapisec.kaltura.com https://community.gep.wustl.edu https://creativecommons.org https://docs.google.com https://etherpad.opendev.org https://etherpad.openstack.org https://fortress.maptive.com https://giphy.com https://gvsu.hosted.panopto.com https://open.spotify.com https://padlet.com/ https://rpubs.com https://shorts.flipgrid.com https://w.soundcloud.com/ https://www.educreations.com https://www.geogebra.org https://www.google.com/ https://www.mentimeter.com https://www.rpubs.com https://www.youtube.com; img-src * data: image: file: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/gtag/js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.3/TweenMax.min.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/ScrollMagic.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/ https://apis.google.com/js/client:plusone.js https://apis.google.com/_/scs/apps-static/_/js/ https://platform.twitter.com/widgets.js https://abs.twimg.com/responsive-web/client-web/ https://platform.twitter.com/js/ https://cdn.syndication.twimg.com/timeline/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://cdn.mathjax.org/mathjax/contrib/a11y/ https://code.jquery.com https://embedr.flickr.com/assets/ https://releases.flowplayer.org/ https://sdks.shopifycdn.com/ https://secure.givelively.org https://use.fontawesome.com/88cd5351e6.js https://widgets.flickr.com/embedr/ https://www.geogebra.org https://sagecell.sagemath.org/static/embedded_sagecell.js https://cdn.jsdelivr.net/npm/mathjax@3/es5/ https://pretextbook.org/js/ https://cdnjs.cloudflare.com/ajax/libs/lunr.js/ https://ssl.google-analytics.com/ga.js; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.gstatic.com https://p.typekit.net https://use.typekit.net https://platform.twitter.com/css/ https://ton.twimg.com/tfw/css/ https://use.fontawesome.com/88cd5351e6.css https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css https://releases.flowplayer.org/ https://pretextbook.org/css/ https://fonts.cdnfonts.com/css/dejavu-serif.css https://fonts.cdnfonts.com/css/dejavu-serif; worker-src blob:; media-src 'self' data:; report-uri https://csp.hubzero.org/csp-cms.php 1
font-src *.cloudfront.net 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.doubleclick.net *.nr-data.net *.amphenolrf.com *.typekit.net *.livechatinc.com *.genial.ly *.clarity.ms *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.affirm.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.cloudfront.net *.youtube.com *.olark.com *.google.com *.google-analytics.com *.affirm.com *.doubleclick.net *.newrelic.com *.nr-data.net *.livechatinc.com *.amphenolrf.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudfront.net *.symantec.com *.bootstrapcdn.com *.olark.com *.gstatic.com *.google.com *.googleapis.com *.doubleclick.net *.newrelic.com *.nr-data.net *.amphenolrf.com *.typekit.net *.hubspot.com *.hsforms.com *.livechatinc.com *.genial.ly *.clarity.ms *.bing.com https://redchamps.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com *.google-analytics.com *.googletagmanager.com *.olark.com static.olark.com *.symantec.com *.mouseflow.com chimpstatic.com *.affirm.com *.gstatic.com *.googleapis.com *.cloudfront.net *.doubleclick.net *.newrelic.com *.nr-data.net *.livechatinc.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.amphenolrf.com *.genial.ly *.clarity.ms *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudfront.net *.cloudflare.com *.olark.com *.bootstrapcdn.com *.googleapis.com *.doubleclick.net *.newrelic.com *.nr-data.net *.amphenolrf.com *.typekit.net *.genial.ly *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.cloudfront.net *.google-analytics.com *.google.com *.olark.com *.affirm.com *.groupbycloud.com *.doubleclick.net *.newrelic.com *.nr-data.net *.hubspot.com *.hscollectedforms.net *.amphenolrf.com *.genial.ly *.clarity.ms https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /iwd_csp/report/log; report-to report-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: rum-static.pingdom.net cdnpub.websitepolicies.com assets.corporatespending.com js-agent.newrelic.com rum-collector-2.pingdom.net www.googletagmanager.com *.googleapis.com *.gstatic.com bam.nr-data.net assets.csiglobalvcard.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src 'strict-dynamic' *.hubspotusercontent-na1.net *.cortex-intelligence.com cdn2.hubspot.net *.hubspot.com *.hubspotusercontentxx.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com *.omappapi.com *.googleapis.com https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css 'unsafe-inline' http: https: 'nonce-3vnlpBWNcB5UMc82OsVhRg=='; style-src https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css *.hubspot.net *.onesignal.com *.omappapi.com *.cortex-intelligence.com *.googleapis.com *.googletagmanager.com *.hsappstatic.net 'unsafe-inline'; img-src 21650114.fs1.hubspotusercontent-na1.net *.clarity.ms googleads.g.doubleclick.net 8917234.fs1.hubspotusercontent-na1.net *.hubspotusercontent-na1.net *.cortex-intelligence.com *.hsforms.com *.hubspot.com *.hubspot.net *.hsappstatic.net *.omappapi.com *.google.com *.ads.linkedin.com *.google-analytics.com *.bing.com *.google.com *.facebook.com *.google.com.br *.googletagmanager.com fonts.gstatic.com data:; base-uri 'self'; font-src *.googleapis.com 8917234.fs1.hubspotusercontent-na1.net *.cortex-intelligence.com *.gstatic.com data:; object-src 'none'; frame-ancestors; ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octane.co https://*.octane.co https://octanelending.com https://*.octanelending.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.vwo.com *.visualwebsiteoptimizer.com *.intercom.io *.intercomcdn.com *.onetrust.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octane.co https://*.octane.co https://octanelending.com https://*.octanelending.com fonts.googleapis.com www.gstatic.com app.vwo.com www.googletagmanager.com translate.googleapis.com; frame-ancestors 'self' https://polarisxchange.com https://slingshot.polarisxchange.com https://indianmotorcycle.polarisxchange.com https://www.rvs.com https://rvs.com https://www.atvrider.com https://www.cyclevolta.com https://www.cycleworld.com https://www.dirtrider.com https://www.motorcyclecruiser.com https://www.motorcyclistonline.com https://www.utvdriver.com https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octanelending.com https://*.octanelending.com; worker-src 'self' blob:; upgrade-insecure-requests; report-uri https://o93495.ingest.sentry.io/api/1772648/security/?sentry_key=4ffb66d59a0344a186016dae83fcc148&sentry_environment=production 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.windows.net www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.freshchat.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.instagram.com www.google.com *.multisafepay.com https://pay.google.com https://cyp.collectyourparcel.eu *.freshchat.com *.tangiblee.com td.doubleclick.net *.criteo.net *.criteo.com google.com googleads.g.doubleclick.net googletagmanager.com *.doubleclick.net google.com/pagead/landing *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.sharethis.com *.cdninstagram.com https://static.buckaroo.nl *.multisafepay.com www.magmodules.eu *.squeezely.tech *.freshchat.com *.tangiblee.com *.thelittlegreenbag.nl *.thelittlegreenbag.com www.google.nl bat.bing.com *.criteo.net *.criteo.com *.adnxs.com *.doubleclick.net contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com s.thebrighttag.com ups.analytics.yahoo.com visitor.omnitagjs.com ad.360yield.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net beacon.krxd.net google.com googletagmanager.com google.com/pagead/landing *.trackjs.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.sharethis.com *.instagram.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl www.google.com https://www.gstatic.com *.multisafepay.com https://pay.google.com squeezely.tech www.squeezely.tech *.squeezely.tech https://cyp.collectyourparcel.eu *.freshchat.com *.tangiblee.com *.analytics.google.com *.criteo.net *.criteo.com www.dwin1.com bat.bing.com lantern.roeyecdn.com google.com googletagmanager.com *.doubleclick.net google.com/pagead/landing *.newrelic.com https://cdnjs.cloudflare.com *.trustedshops.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com *.multisafepay.com *.freshchat.com https://cdnjs.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://ipinfo.io *.multisafepay.com squeezely.tech *.squeezely.tech *.tangiblee.com *.analytics.google.com stats.g.doubleclick.net pagead2.googlesyndication.com *.criteo.net *.criteo.com google.com googleads.g.doubleclick.net googletagmanager.com *.doubleclick.net www.google.com google.com/pagead/landing *.nr-data.net *.trustedshops.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-3eMRlVgDbPmtRjh3gkyJsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.googleapis.com *.gstatic.com www.openstreetmap.org secure.ogone.com *.youtube.com player.vimeo.com *.vimeocdn.com ;  report-uri /cspreport; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.google-analytics.com translate.google.com *.readspeaker.com *.googleapis.com www.openlayers.org openlayers.org *.openstreetmap.org *.typekit.net www.googletagmanager.com matomoembraceklantportaal.azurewebsites.net; connect-src 'self' *.typekit.net *.google-analytics.com *.stats.g.doubleclick.net *.umbraco.org *.openstreetmap.org *.googleapis.com *.analytics.google.com ws://lefier.nl matomoembraceklantportaal.azurewebsites.net; img-src 'self' *.umbraco.org umbraco.tv www.gravatar.com pbs.twimg.com cdn.jsdelivr.net *.typekit.net *.google-analytics.com placehold.it *.gstatic.com www.google.com translate.googleapis.com *.googleapis.com *.openstreetmap.org www.openlayers.org openlayers.org api.maptiler.com umbracowebportalsnonprod.azureedge.net *.analytics.google.com www.googletagmanager.com ; media-src 'self' ; font-src 'self' data: *.typekit.net *.gstatic.com ; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com www.openlayers.org openlayers.org www.gstatic.com ; frame-ancestors 'self' ;  1
font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.vimeo.com *.texdecor.test *.texdecor.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com *.vimeocdn.com s.ytimg.com data *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.texdecor.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.instagram.com *.texdecor.test *.texdecor.com *.fact-finder.fr www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com thm.visa.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.yotpo.com *.googleapis.com *.gstatic.com www.ishopping.pk d3uz6obq3251t9.cloudfront.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com ipg1.apps.net.pk www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; frame-ancestors www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com static.addtoany.com td.doubleclick.net r.srvtrck.com www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com www.google.com.pk static.geetest.com www.google.co.in www.google.ie blob www.google.de testpaymentapi.hbl.com www.aksa.com.pk cdn.klarna.com img.youtube.com s-media-cache-ak0.pinimg.com www.ishopping.pk media.licdn.com www.google.com.au www.magentocommerce.com images.philips.com www2.ishopping.pk www.google.fr www.google.com.sa www.analytics-debugger.com file www.google.co.uk www.google.ae www.shophive.com www.google.com.ec www.google.com.sg www.google.com.tw www.google.it www.google.com.qa g-ecx.images-amazon.com images.samsung.com im3.ezgif.com www.google.com.tr www.google.es www.google.be www.sony.com.my www.google.ca www.google.pl www.google.com.kw www.google.co.uz www.xeroxscanners.com www.google.se www.google.fi www.google.dz www.google.com.do www.google.sk www.google.lv www.google.hr www.techglobe.pk d3uz6obq3251t9.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com api.comapi.com snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com player.vimeo.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com static.addtoany.com graph.facebook.com maxcdn.bootstrapcdn.com gcaptcha4.geetest.com static.geetest.com s7.addthis.com www.pagespeed-mod.com ipinfo.io gcaptcha4.geevisit.com decision.etc4.com static.geevisit.com www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net unsafe-inline *.yotpo.com static.geetest.com www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; object-src www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com data www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; manifest-src www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com analytics.google.com insights.algolia.io region1.analytics.google.com www2.ishopping.pk www.google.de www.google.com.pk stats.addtoany.com translate.googleapis.com www.google.co.in www.google.com.ec www.google.com.qa www.google.be www.google.ae meetlookup.com www.google.se o268291.ingest.sentry.io www.google.co.id www.google.md www.ishopping.pk www.google.com.mt www.google.dz d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com www.ishopping.pk d3uz6obq3251t9.cloudfront.net http: https: blob: 'self' 'unsafe-inline'; default-src www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com yotpo.com 'self' data: 'unsafe-inline' data: *.magentocommerce.com *.googleapis.com *.cloudfront.net *.bootstrapcdn.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud *.yotpo.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net *.amazonaws.com *.acsbapp.com https://use.typekit.net/fpf5obn.css https://use.typekit.net use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com https://infinity-public-js.500apps.com/widget.min.js *.500apps.com yotpo.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com 'self' data: 'unsafe-inline' data: *.authorize.net *.sandbox.paypal.com *.vimeo.com *.googletagmanager.com *.cardinalcommerce.com *.magentocommerce.com cdn.dnky.co www.youtube.com *.hotjar.com *.google.com/ www.facebook.com *.trustpilot.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.yotpo.com swellrewards.com *.swellrewards.com connect.facebook.net *.doubleclick.net *.expertvoice.com *.acsbapp.com https://www.paypalobjects.com https://infinity-public-js.500apps.com/widget.min.js *.500apps.com nytrng.com www.apptrian.com facebook.com graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com 'self' data: 'unsafe-inline' data: *.sandbox.paypal.com *.ytimg.com yotpo.com www.facebook.com *.ssl-images-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de store.paradoxlabs.com *.yotpo.com swellrewards.com *.swellrewards.com *.magentocommerce.com *.cloudfront.net www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com www.linkedin.com linkedin.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud connect.facebook.net *.adnxs.com *.amplifi.io *.quantserve.com *.mediaiqdigital.com *.doubleclick.net *.hotjar.com *.acgbrands.com https://acgbrands.com *.acsbapp.com alb.reddit.com *.google.co.in i.liadm.com us-central1-addshoppers-data-production.cloudfunctions.net www.apptrian.com facebook.com graph.facebook.com *.trackedlink.net business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.magezon.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-datasolutions.com *.magento-ds.com *.typekit.net google.com *.google.com 'self' data: 'unsafe-inline' data: *.authorize.net *.googleadservices.com *.paypalobjects.com *.braintreegateway.com *.sandbox.paypal.com *.ytimg.com *.google.com/ vimeo.com *.cardinalcommerce.com *.ccdc02.com *.magentocommerce.com *.cloudfront.net www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com connect.facebook.net www.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com www.facebook.com *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital.com https://storage.googleapis.com *.yotpo.com swellrewards.com *.swellrewards.com *.quantcount.com *.quantserve.com *.doubleclick.net *.experticity.com *.dwin1.com *.expertvoice.com *.acsbapp.com https://acsbapp.com/apps/app/dist/js/app.js https://acsbapp.com https://shop.pe https://shopper.shop.pe/input.js https://infinity-public-js.500apps.com/widget.min.js *.500apps.com *.redditstatic.com addshoppers.s3.amazonaws.com www.apptrian.com facebook.com graph.facebook.com *.ddlnk.net debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com s7.addthis.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com 'self' data: 'unsafe-inline' data: getfirebug.com *.googleapis.com *.magentocommerce.com *.cloudfront.net *.bootstrapcdn.com cdn.dnky.co *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud *.yotpo.com *.dotdigital.com swellrewards.com *.swellrewards.com connect.facebook.net https://cdnjs.cloudflare.com *.acsbapp.com *.typekit.net https://use.typekit.net/fpf5obn.css https://p.typekit.net yotpo.com webchat.dotdigital.com webchat.staging.dotdigital.com assets.braintreegateway.com tagmanager.google.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.paypal.com google.com *.google.com 'self' data: 'unsafe-inline' data: *.cloudfront.net *.magentocommerce.com api.comapi.com *.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com www.feedbackcompany.com *.cardinalcommerce.com *.zendesk.com www.clarity.ms *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com connect.facebook.net www.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.yotpo.com swellrewards.com *.swellrewards.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.googleapis.com *.experticity.com *.grin.co *.acsbapp.com https://infinity-public-js.500apps.com/widget.min.js *.500apps.com shopper.shop.pe app.shop.pe *.acgbrands.com nytrng.com ws2.hotjar.com shop.pe wss://*.hotjar.com www.apptrian.com facebook.com graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com ekr.zdassets.com/ https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-DLO1w4hm5lJEJqv2IHymVQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LUL1bxYtdu2I3qTo2qnzhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ll_RND2qm5TPd0QwtmKZPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data:; script-src 'self' 'self' 'unsafe-inline' ws-assets.zoominfo.com js.hs-scripts.com www.googletagmanager.com snap.licdn.com secure.visionarybusiness7.com ws.zoominfo.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net js.hs-banner.com js.hsleadflows.net script.hotjar.com js.hsforms.net www.emlpayments.com cdn.jsdelivr.net player.vimeo.com js.hubspot.com static.hotjar.com; style-src 'self' 'unsafe-inline' www.emlpayments.com fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com; img-src https: www.emlpayments.com data: emlpayments-stagingcms.imgix.net emlpayments-stagingcms.bla.bio px.ads.linkedin.com track.hubspot.com forms.hsforms.com; connect-src 'self' ws.zoominfo.com forms.hscollectedforms.net emlpayments-stagingcms.bla.bio api.hubapi.com js.hs-banner.com cdn.linkedin.oribi.io forms.hubspot.com www.google-analytics.com analytics.google.com www.analytics.google.com ipinfo.io 61xeik5j3f.execute-api.ap-southeast-2.amazonaws.com; frame-src 'self' player.vimeo.com; manifest-src 'self'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; font-src 'self' www.emlpayments.com data: fonts.gstatic.com; worker-src 'self' blob: www.emlpayments.com; report-uri ; media-src 'self' www.emlpayments.com emlpayments-stagingcms.bla.bio 1
font-src *.fontawesome.com data: *.hotjar.com github.com cdn.honey.io *.photoslurp.com use.typekit.net * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com blob: *.w3.org *.bing.com c.bing.com *.hotjar.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com instagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.nr-data.net *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.newrelic.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com facebook.net *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com x.empathy.co x.staging.empathy.co *.lightning.force.com analytics.tiktok.com *.googletagmanager.com googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.pinterest.com player.vimeo.com * 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net *.photoslurp.com player.vimeo.com vod-progressive.akamaized.net * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com wss: bat.bing.com *.force.com *.tiktok.com *.nr-data.net *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.hotjar.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com client.rum.us-east-1.amazonaws.com sts.eu-west-1.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com x.empathy.co x.staging.empathy.co stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com api.empathy.co api.staging.empathy.co api-staging.empathybroker.com pronoviasgroupcti.secure.force.com analytics.pangle-ads.com properties * 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_2Obr8v1VGzoy_ZPC9k3R.XxUmdE9S743eWgRZ9Ikgc-1721958834-1.0.1.1-NeLg4c.6rGYeyF.bwU4oSvc3Z7ES6J6CSdmKw..MfPaxn1DEMnFKyQO0e86q3PEb4pAANko5xhQDgc95lb96HoMtOCWpTlWRDb23F.00Wqph_Dtf_cgXpOW8kJHpxi29xbQeQyAhmuZrCQp5CPMa_kK.g761cUNk5pkTmqo1CGl0JsuQ0_kYTmEQ9hxoIQ2v4DByyHnTt_.zIAgClScY.A; report-to cf-wyrlyibpauyjpffx 1
font-src *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com https://d1kd4dmrb4zsrn.cloudfront.net/ *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.trackedlink.net https://images.unsplash.com https://widget.feedaty.com https://d1kd4dmrb4zsrn.cloudfront.net/ https://moib5afm.cdn.imgeng.in/ https://redchamps.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.facebook.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://widget.feedaty.com https://d1kd4dmrb4zsrn.cloudfront.net/ https://cdn.iubenda.com https://cs.iubenda.com https://ipinfo.io https://intljs.rmtag.com https://player.vimeo.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com https://widget.feedaty.com https://d1kd4dmrb4zsrn.cloudfront.net/ https://cdn.iubenda.com *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://widget.feedaty.com https://d1kd4dmrb4zsrn.cloudfront.net/  https://moib5afm.cdn.imgeng.in/ https://hits-i.iubenda.com *.google-analytics.com *.facebook.net https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://widget.feedaty.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; form-action 'self'; connect-src 'self' https://www.google-analytics.com 1
default-src 'self' https://play.vidyard.com; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://ajax.googleapis.com https://www.googleoptimize.com https://platform.twitter.com https://bat.bing.com https://cdn-ukwest.onetrust.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://j.6sc.co https://js.adsrvr.org https://munchkin.marketo.net https://pages.blueprism.info https://play.vidyard.com https://siteintercept.qualtrics.com https://snap.licdn.com https://static.ads-twitter.com https://static.cloud.coveo.com https://tracking.g2crowd.com https://unpkg.com https://www.gartner.com https://www.google-analytics.com https://www.googletagmanager.com https://zn6hxtfylyqcfawhp-blueprism.siteintercept.qualtrics.com; style-src 'unsafe-inline' 'unsafe-hashes' 'report-sample' 'self' https://cdnjs.cloudflare.com https://www.blueprism.com https://cloud.typography.com https://fonts.googleapis.com https://higherlogiccloudfront.s3.amazonaws.com https://pages.blueprism.info https://static.cloud.coveo.com https://www.gartner.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://544-mlv-234.mktoresp.com https://analytics.google.com https://bat.bing.com https://cdn-ukwest.onetrust.com https://epsilon.6sense.com https://ipv6.6sc.co https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com https://www.blueprism.com https://higherlogiccloudfront.s3.amazonaws.com; frame-src 'self' https://insight.adsrvr.org https://pages.blueprism.info https://platform.twitter.com https://play.vidyard.com https://www.facebook.com; img-src 'self' https://cdn.vidyard.com https://cdn-ukwest.onetrust.com https://www.blueprism.com https://analytics.twitter.com https://b.6sc.co https://bat.bing.com https://files.blueprism.com https://play.vidyard.com https://px.ads.linkedin.com https://reviews.static.gartner.com https://siteintercept.qualtrics.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self' *.blueprism.com; report-uri https://64c1357f4f8049a8e8acd190.endpoint.csper.io/?v=1; worker-src 'none'; 1
script-src 'nonce-0DDkU2H4CfGgs4bCjysmuw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-xwRbR0miLYWp3GcAadVTVA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.google.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.doofinder.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.doofinder.com wss://*.doofinder.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com fonts.gstatic.com *.fontawesome.com *.aspnetcdn.com *.jsdelivr.net *.googletagmanager.com; img-src * data:; frame-ancestors 'self'; object-src 'none'; form-action 'self'; base-uri 'self'; media-src 'self' s3.amazonaws.com; script-src-elem 'self' 'unsafe-inline' *.facebook.net *.aspnetcdn.com *.whoson.com *.googleapis.com *.theta360.com *.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' *.whoson.com *.bootstrapcdn.com *.facebook.com *.googleapis.com; font-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.gstatic.com; connect-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.whoson.com; report-uri /csp/; 1
font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.facebook.com *.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com *.doubleclick.net *.paypal.com *.kaptcha.com *.livechatinc.com *.rfihub.com *.adnxs.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.cloudflare.com *.facebook.com *.google.com *.google.com.mx *.googleusercontent.com *.paypal.com *.icons8.com *.marketo.net *.amazonaws.com *.magecomp.com *.bizibly.com *.showmethepartsdb2.com *.showmethepartsdb.com c5b6534ed7.nxcli.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.fontawesome.com *.facebook.net *.doubleclick.net *.bizible.com *.bing.com *.marketo.net *.livechatinc.com *.weglot.com *.rezync.com *.licdn.com *.stackadapt.com *.hotjar.com *.rfihub.net *.boomtrain.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.stackadapt.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.cloudflare.com *.doubleclick.net *.google-analytics.com *.facebook.com *.gstatic.com *.boomtrain.com *.stackadapt.com *.livechatinc.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 1
object-src 'none';base-uri 'self';script-src 'nonce-4Ei_SFPllUQ13UzakTbOjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://static.addtoany.com mdbootstrap.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-lx02FMBq1fLGJ9SjxUVitQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'unsafe-inline' 'unsafe-eval' data: https:; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com https://www.datadoghq-browser-agent.com; style-src 'self' 'unsafe-inline'; report-uri /rest/csp-reporter 1
object-src 'none';base-uri 'self';script-src 'nonce-7FM8NItibtTpctQmI9lzsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-AIR3kTBaJ9SiHPd43O-_rg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * ; style-src * 'unsafe-inline'; media-src * data:; report-uri https://www.blickle.com:9000/registercsp2; report-to cspreport; 1
script-src 'nonce-HLDdxtr7ExH6LYQBWU90IQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com magento-cloudflare.jetrails.com https://www.googletagmanager.com/ www.googletagmanager.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://images.unsplash.com *.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com store.paradoxlabs.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.attn.tv events.attentivemobile.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.google.com *.gstatic.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://cdnjs.cloudflare.com *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.attn.tv events.attentivemobile.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-1L_JJEZI5LSKo6tiHKgjoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1QxVPuP2H9BFKh0iZPe-eg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 1
default-src https:;script-src https: 'strict-dynamic' 'nonce-b319e6e226a59567c460436ece0a519113f60853f6aec2d5d598f598962b4fa5' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors https://my.firespring.com;base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log?n=1 1
font-src https://www.gstatic.com https://fonts.gstatic.com 'self' data: *.gstatic.com *.qianqian.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.ipg-online.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com newassets.hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com landofcoder.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.fbcdn.net *.google.com *.facebook.com *.cdninstagram.com *.instagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com landofcoder.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.instagram.com *.google.com *.googleapis.com *.facebook.com *.facebook.net *.googletagmanager.com cdnjs.cloudflare.com paypalobjects.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.xtento.com  *.adobedtm.com  'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.google.com *.gstatic.com *.qianqian.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com landofcoder.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.gstatic.com *.doubleclick.net *.qianqian.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src hcaptcha.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
block-all-mixed-content; frame-ancestors 'none'; report-uri /global-cgi-bin/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-K7Agg1NTxm2TbNgMrMcdRA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.bunny.net; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com https://www.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com data: https://static.afterpay.com/ https://js.klevu.com/ https://maxcdn.bootstrapcdn.com/ https://v2.zopim.com/ https://www.gstatic.com/ https://fonts.gstatic.com/ https://staticw2.yotpo.com/ https://fonts.gstatic.com *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.localhost.com *.paymentexpress.com *.windcave.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk https://www.youtube.com/ https://popup.laybuy.com/ https://player.vimeo.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.localhost.com *.paymentexpress.com *.windcave.com https://www.google.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://static.afterpay.com/ https://cdn.stamped.io/ https://www.instagram.com/ https://instagram.fhrk2-1.fna.fbcdn.net/ https://js.klevu.com/ https://integration-assets.laybuy.com/ http://a.klaviyo.com/ https://v2.zopim.com/ https://maps.gstatic.com/ https://mcprod.naturebaby.co.nz/ https://mcprod.naturebaby.com/ https://mcprod.naturebaby.eu/ https://mcprod.naturebaby.com.hk/ https://mcprod.naturebabystore.co.uk/ https://mcprod.naturebaby.com.au/ https://mcprod.wholesale.naturebaby.com.au/ https://mcprod.wholesale.naturebaby.co.nz/ https://mcprod.wholesale.naturebaby.com/ https://scontent.cdninstagram.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com *.facebook.com *.google.com *.google.co.nz blob:  data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.googleapis.com https://www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com s7.addthis.com *.avada.io http://foursixty.com/ https://portal.sandbox.afterpay.com/ https://api.addressfinder.io/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://js.klevu.com/ https://maps.googleapis.com/ https://v2.zopim.com/ https://static.zdassets.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net/intellisuggest/is.min.js https://www.google.com *.maxmind.com www.xtento.com cdn.xtento.com *.yotpo.com *.cfjump.com cfjump.naturebaby.co.nz cfjump.naturebaby.com.au *.klaviyo.com *.facebook.net *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com https://static.afterpay.com/ http://cdn1.stamped.io/ http://foursixty.com/ http://fonts.googleapis.com/ https://api.addressfinder.io/ https://js.klevu.com/ https://maxcdn.bootstrapcdn.com/ https://static.klaviyo.com/ unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://static.afterpay.com/ http://foursixty.com/ https://bam.nr-data.net/ https://www.paypal.com/ https://fast.a.klaviyo.com/ https://v2.zopim.com/ wss://widget-mediator.zopim.com/ https://ekr.zdassets.com/ https://uscs23.ksearchnet.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://beacon.searchspring.io/beacon *.mmapiws.com *.yotpo.com *.klaviyo.com *.google-analytics.com *.zendesk.com *.doubleclick.net *.clarity.ms *.afterpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://static.klaviyo.com/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ohCgtooxpqUPVIZRyfFZYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-k9iSABYLZgaurI8eJCjRfg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' wss://www.domainspot.com https://www.google-analytics.com/; default-src 'none'; font-src 'report-sample' 'self' https://fonts.gstatic.com; form-action 'report-sample' 'self'; frame-ancestors 'self'; frame-src 'self' https://js.stripe.com https://www.google.com https://td.doubleclick.net/; img-src 'report-sample' 'self' data: https://www.google.com; report-to default; report-uri https://www.tierra.net/special/report/csp; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://js.stripe.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com 1
object-src 'none';base-uri 'self';script-src 'nonce-gclceqpIKKLQLNy8juPbqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'self' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://unpkg.com/alpinejs@3.3.1/dist/cdn.min.js https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self'; connect-src 'self' https://api.asergo.com/v1/; report-uri https://api.asergo.com/reporting/content-security; 1
font-src *.gstatic.com *.googleapis.com *.maxcdn.bootstrapcdn.com *.yotpo.com *.fontawesome.co *.fontawesome.com *.typekit.net *.fonts.gstatic.com *.cloudflare.com *.trustedshops.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.addthis.com *.addthisedge.com *.snapwidget.com *.google.com *.freshchat.com *.consensu.org *.sharethis.com *.facebook.net *.facebook.com *.doubleclick.net *.twitter.com *.youtube.com *.yotpo.com 'self' 'unsafe-inline'; img-src *.assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.maps.gstatic.com *.gstatic.com *.bing.com *.google.com *.google.mk *.facebook.com *.connect.facebook.net *.facebook.net *.sharethis.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.amanatool.com *.cloudfront.net *.cloudflare.com *.klarna.com *.twitter.com *.googleapis.com *.nextopia.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.assets.adobedtm.com *.addthisedge.com *.addthis.com *.moatads.com *.z.moatads.com *.authorize.net *.gstatic.com *.google.com *.googlecommerce.com *.googleapis.com *.ajax.googleapis.com *.cloudflareinsights.com *.snapwidget.com *.freshchat.com *.typekit.net *.woopra.com *.bing.com *.cookiepro.com *.facebook.net *.barilliance.com *.barilliance.net *.inspectlet.com *.doubleclick.net *.onetrust.com *.sharethis.com *.googletagmanager.com *.vector.nextopiasoftware.com *.cloudflare.com *.twitter.com *.google-analytics.com *.trustedshops.com *.fontawesome.com *.maps.googleapis.com maps.googleapis.com cdn.nextopia.net *.ecomm-nav.com https://cdn.searchspring.net/intellisuggest/is.min.js *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.freshchat.com *.cloudflare.com *.twitter.com *.trustedshops.com *.fontawesome.com cdn.nextopia.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cookiepro.com *.doubleclick.net *.sharethis.com *.googletagmanager.com *.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleapis.com *.nextopia.net https://beacon.searchspring.io/beacon *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.nextopia.net *.ecomm-nav.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google.com *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://amanatool.com/; report-to report-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: images2.hertz.com a.tiles.mapquest.com *.optimizely.com assets.mapquestapi.com www.hertzpageo.com *.clarity.ms www.google.com *.gstatic.com ssl.google-analytics.com www.mapquestapi.com *.facebook.net cdn-prod.eu.securiti.ai www.google-analytics.com www.hertz.ch *.linkedin.com *.googlesyndication.com api.mqcdn.com use.fontawesome.com www.google.ch js.stripe.com www.googletagmanager.com images.hertz.com *.googleapis.com region1.analytics.google.com ecom.mss.hertz.io app.eu.securiti.ai loc.hertz.com *.doubleclick.net www.googletagservices.com *.facebook.com *.googleadservices.com *.licdn.com api.hertz.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com https://viewer.ipaper.io https://ipaper.io *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ariba.com app.instapunchout.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.ariba.com app.instapunchout.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.youtube.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://api.mapbox.com maps.gstatic.com https://viewer.ipaper.io https://ipaper.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com applepay.cdn-apple.com maps.googleapis.com https://viewer.ipaper.io https://ipaper.io *.zdassets.com *.google.com *.gstatic.com *.relewise.com *.trustpilot.com *.jsdelivr.net https://www.cchobby.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com applepay.cdn-apple.com https://viewer.ipaper.io https://ipaper.io *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://viewer.ipaper.io https://ipaper.io *.zdassets.com *.facebook.com *.relewise.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://nominatim.openstreetmap.org autocomplete2.postdirekt.de *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.relewise.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://viewer.ipaper.io https://ipaper.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src http: https: 'nonce-tSXHW9gLS3bUFHrxc+D9LbYGa3oL23wEbeloF0pedMM='; connect-src 'self'; worker-src blob:; style-src 'self' 'unsafe-inline'; img-src 'self' *.sbb.spk-berlin.de *.staatsbibliothek-berlin.de *.sbb.berlin; font-src 'self'; base-uri 'self'; 1
require-trusted-types-for 'script';report-uri /_/Gstore/cspreport 1
object-src 'none';base-uri 'self';script-src 'nonce-EXLRnvFfTg_CRI1Ryl5qZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-T1EaSlT7aees0Ie7ZxXmKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HWEgWMp8BJEuNoxLQYsbPA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uJKYcy2v0S9DGRNh-xztMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com *.google.com *.sagepay.com *.fontawesome.com https://googleads.g.doubleclick.net *.iubenda.com https://hits-i.iubenda.com https://cdn.iubenda.com https://paypal-eu-cdn.cloudiq.com https://paypal-eu-arh.cloudiq.com https://www.paypalobjects.com https://ww2.feefo.com *.feefo.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.google-analytics.com *.googleadservices.com *.yotpo.com *.cloudflare.com *.twitter.com https://www.google.co.uk *.google.co.in https://www.google.gr *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.stripe.com *.google.com *.sagepay.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.google-analytics.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.stripe.com *.sagepay.com *.hotjar.com *.iubenda.com https://hits-i.iubenda.com https://cdn.iubenda.com https://ajax.googleapis.com https://paypal-eu-cdn.cloudiq.com https://paypal-eu-arh.cloudiq.com https://www.paypalobjects.com https://ww2.feefo.com *.feefo.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.google-analytics.com *.twitter.com https://www.google.com https://www.google.co.uk https://www.google.co.in https://www.facebook.com https://www.google.gr *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://ajax.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com maps.gstatic.com *.stripe.com ebizmarts-website.s3.amazonaws.com *.sagepay.com bat.bing.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.widgets.magentocommerce.com https://www.paypalobjects.com *.postcodeanywhere.co.uk https://googleads.g.doubleclick.net *.iubenda.com https://hits-i.iubenda.com https://cdn.iubenda.com https://paypal-eu-cdn.cloudiq.com https://paypal-eu-arh.cloudiq.com https://ww2.feefo.com *.feefo.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.yotpo.com *.cloudflare.com https://www.google.co.uk *.google.co.in https://www.facebook.com *.klarna.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://www.google.gr data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://ajax.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.sagepay.com *.avada.io player.vimeo.com js-agent.newrelic.com bam.nr-data.net googletagmanager.com googleadservices.com https://googleads.g.doubleclick.net *.iubenda.com https://hits-i.iubenda.com https://cdn.iubenda.com https://paypal-eu-cdn.cloudiq.com https://paypal-eu-arh.cloudiq.com *.paypalobjects.com https://ww2.feefo.com *.feefo.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.googleadservices.com *.yotpo.com *.cloudflare.com *.twitter.com https://www.google.co.uk *.google.co.in *.facebook.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net https://chimpstatic.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.authorize.net https://www.google.gr klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com *.fontawesome.com services.postcodeanywhere.co.uk *.typekit.net https://googleads.g.doubleclick.net *.iubenda.com https://hits-i.iubenda.com https://cdn.iubenda.com https://paypal-eu-cdn.cloudiq.com https://paypal-eu-arh.cloudiq.com https://www.paypalobjects.com https://ww2.feefo.com *.feefo.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.googleadservices.com *.google-analytics.com *.yotpo.com *.cloudflare.com *.twitter.com https://www.google.co.uk *.google.co.in *.twimg.com *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com https://www.google.gr 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://ajax.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.sagepay.com https://get.geojs.io *.avada.io https://googleads.g.doubleclick.net *.iubenda.com https://hits-i.iubenda.com https://cdn.iubenda.com https://paypal-eu-cdn.cloudiq.com https://paypal-eu-arh.cloudiq.com https://www.paypalobjects.com https://ww2.feefo.com *.feefo.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.googleadservices.com *.yotpo.com *.cloudflare.com *.twitter.com *.twimg.com https://www.google.co.uk *.google.co.in https://www.google.gr klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.camlab.co.uk; report-to report-endpoint; 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.fontawesome.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://get.geojs.io *.avada.io *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net adservice.google.com *.cloudinary.com ariane.abtasty.com cdn.jsdelivr.net www.googletagmanager.com www.google.com dcinfos-cache.abtasty.com region1.analytics.google.com www.google-analytics.com try.abtasty.com www.google.co.uk c0.adalyser.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.fontawesome.com *.googleapis.com www.liverdoctor.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.liverdoctor.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net www.liverdoctor.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.liverdoctor.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.liverdoctor.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.fontawesome.com *.googleapis.com *.gstatic.com player.vimeo.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com www.liverdoctor.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.fontawesome.com assets.braintreegateway.com www.liverdoctor.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.liverdoctor.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com www.liverdoctor.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.liverdoctor.com http: https: blob: 'self' 'unsafe-inline'; default-src www.liverdoctor.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://widgets.trustedshops.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://img.youtube.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.googleapis.com *.google.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self' www.google-analytics.com;connect-src 'self';default-src 'self';form-action 'self' murze.be murze.be.test sendy.murze.be platform.twitter.com syndication.twitter.com;img-src 'self' * 'unsafe-inline' data:;media-src 'self';object-src 'none';script-src 'self' 'nonce-8AsR7PdO9FnfPy5FVPLgfvZKHnehAyYT' murze.be murze.be.test www.google.com www.gstatic.com cdn.jsdelivr.net avd.innity.net unpkg.com cdnjs.cloudflare.com *.googlesyndication.com 'unsafe-eval' *.bootstrapcdn.com srv.carbonads.net script.carbonads.com cdn.carbonads.com fonts.googleapis.com *.google-analytics.com www.google-analytics.com *.googletagmanager.com platform.twitter.com *.twimg.com;style-src 'self' 'nonce-8AsR7PdO9FnfPy5FVPLgfvZKHnehAyYT' murze.be murze.be.test 'unsafe-inline' www.google.com www.gstatic.com cdn.jsdelivr.net use.fontawesome.com cdnjs.cloudflare.com avd.innity.net *.googlesyndication.com *.bootstrapcdn.com fonts.googleapis.com platform.twitter.com;font-src * 'unsafe-inline' *.bootstrapcdn.com fonts.gstatic.com;frame-src platform.twitter.com syndication.twitter.com *.youtube.com www.google.com www.gstatic.com googleads.g.doubleclick.net *.googlesyndication.com 1